Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: amd64
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length. The required
     string length would be close to 2 GiB on 32-bit and the bug is not
     believed to be practically feasible to exploit on 64-bit.
     (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice) if a
     long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache
       is missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie