Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: armel
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-02)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length. The required
     string length would be close to 2 GiB on 32-bit and the bug is not
     believed to be practically feasible to exploit on 64-bit.
     (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice) if a
     long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache
       is missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge if
       there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie