Format: 1.8
Date: Mon, 18 Aug 2025 09:27:51 +0100
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-0-dbgsym libglib2.0-bin libglib2.0-bin-dbgsym libglib2.0-dev libglib2.0-dev-bin libglib2.0-dev-bin-dbgsym libglib2.0-tests libglib2.0-tests-dbgsym libglib2.0-udeb
Architecture: i386
Version: 2.74.6-2+deb12u7
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Simon McVittie
Description:
 libglib2.0-0 - GLib library of C routines
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-dev-bin - Development utilities for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 1065022 1104930 1110640 1110696
Changes:
 glib2.0 (2.74.6-2+deb12u7) bookworm; urgency=medium
 .
   * d/p/gstring-carefully-handle-gssize-parameters.patch,
     d/p/gstring-Make-len_unsigned-unsigned.patch:
     Add patches from upstream to fix a buffer underflow in GString.
     This could cause a memory overwrite if a program handles extremely
     large text strings of an attacker-controlled length.
     The required string length would be close to 2 GiB on 32-bit
     and the bug is not believed to be practically feasible to exploit
     on 64-bit. (CVE-2025-4373) (Closes: #1104930)
   * d/p/glib-gfileutils.c-use-64-bits-for-value-in-get_tmp_file.patch,
     d/p/gfileutils-fix-computation-of-temporary-file-name.patch:
     Add patches from upstream to fix a buffer underflow in get_tmp_file().
     This is used in g_mkstemp(), g_mkdtemp() and similar functions,
     and could cause a crash or possibly arbitrary file overwrites
     (believed to be unlikely to be exploitable in practice)
     if a long-running program creates more than 2 billion temporary files.
     (CVE-2025-7039) (Closes: #1110640)
   * d/libglib2.0-0.postrm.in:
     Rewrite postrm for safer upgrade behaviour, based on the version in
     unstable and proposed for inclusion in trixie:
     - Only remove giomodule.cache during purge, not during remove.
       This matches the behaviour of gschemas.compiled and avoids a window
       between old-postrm and new-postinst during which giomodule.cache
       is missing, breaking applications that need GIO modules.
     - Don't remove gschemas.compiled or giomodule.cache during purge
       if there is evidence that they might still be needed
       (Closes: #1065022, #1110696):
       + don't remove them if ${libdir}/glib-2.0 still exists, for example
         provided by libglib2.0-0t64 after upgrading to trixie;
       + don't remove gschemas.compiled if at least one GSettings schema
         still exists;
       + don't remove giomodule.cache if at least one GIO module still exists
     - Refactoring to support the above
   * d/tests/1065022-futureproofing:
     Add a test for #1065022, modified from the version in unstable and
     proposed for inclusion in trixie