Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym
 libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests
 libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: armhf
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: arm Build Daemon (arm-conova-01)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length. The required
     string length would be close to 2 GiB on 32-bit and the bug is not
     believed to be practically feasible to exploit on 64-bit.
     (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice) if a
     long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache is
       missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists,
         for example provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie