[ubuntu/oracular-proposed] glib2.0 2.80.0-10ubuntu1 (Accepted)

Jeremy Bícha jbicha at ubuntu.com
Tue May 7 14:25:15 UTC 2024 

glib2.0 (2.80.0-10ubuntu1) oracular; urgency=medium

  * Merge with Debian. Remaining change:
    - Don't enable sysprof integration in Ubuntu yet

glib2.0 (2.80.0-10) unstable; urgency=high

  * Team upload
  * d/patches: Add GDBus security fixes intended to be in 2.80.1
    - If local users send signals on the D-Bus system bus that spoof a
      trusted sender, do not deliver them to signal subscriptions for the
      trusted sender's well-known bus name (CVE-2024-34397)
    - Fix a use-after-free when subscribing to signals with an arg0
      match rule, originally from 2.79.0 and necessary to make the test
      for CVE-2024-34397 pass reliably
    - Add a local backport of g_set_str(), required by the above
    - Add proposed fix for a race condition that can cause a unit test
      to regress after the above
  * d/control: Add Breaks on gnome-shell (<< 44.9-2~).
    The security fix breaks screen recording and screencasting in older
    versions, so we should make sure both changes migrate together.
  * Set high urgency for security fix

Date: Tue, 07 May 2024 10:19:40 -0400
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/glib2.0/2.80.0-10ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 07 May 2024 10:19:40 -0400
Source: glib2.0
Built-For-Profiles: noudeb
Architecture: source
Version: 2.80.0-10ubuntu1
Distribution: oracular
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Changes:
 glib2.0 (2.80.0-10ubuntu1) oracular; urgency=medium
 .
   * Merge with Debian. Remaining change:
     - Don't enable sysprof integration in Ubuntu yet
 .
 glib2.0 (2.80.0-10) unstable; urgency=high
 .
   * Team upload
   * d/patches: Add GDBus security fixes intended to be in 2.80.1
     - If local users send signals on the D-Bus system bus that spoof a
       trusted sender, do not deliver them to signal subscriptions for the
       trusted sender's well-known bus name (CVE-2024-34397)
     - Fix a use-after-free when subscribing to signals with an arg0
       match rule, originally from 2.79.0 and necessary to make the test
       for CVE-2024-34397 pass reliably
     - Add a local backport of g_set_str(), required by the above
     - Add proposed fix for a race condition that can cause a unit test
       to regress after the above
   * d/control: Add Breaks on gnome-shell (<< 44.9-2~).
     The security fix breaks screen recording and screencasting in older
     versions, so we should make sure both changes migrate together.
   * Set high urgency for security fix
Checksums-Sha1:
 4ec5a10b387539036d3acb846917992505e313d0 4643 glib2.0_2.80.0-10ubuntu1.dsc
 22afdf832c95ad4d7d35e4a206269361f8d4891b 150048 glib2.0_2.80.0-10ubuntu1.debian.tar.xz
 0bfc1a76760d8c0952376dc401f4ef5f19229fe3 11685 glib2.0_2.80.0-10ubuntu1_source.buildinfo
Checksums-Sha256:
 39124fce7abf0f2ccbac0a0831647755992057d29e7b2fc6dcb129f0273f1293 4643 glib2.0_2.80.0-10ubuntu1.dsc
 ab27914804dd724349bde7a4d34c7f1bafe0e97717bdfa829db00234c83dff13 150048 glib2.0_2.80.0-10ubuntu1.debian.tar.xz
 f5f5b5e7c7d7e356f2d2c2cdac0a5c60e42dea63f5a953ca4277b2477d9a5f68 11685 glib2.0_2.80.0-10ubuntu1_source.buildinfo
Files:
 146e873230e451a63f63a47c38d0ce2c 4643 libs optional glib2.0_2.80.0-10ubuntu1.dsc
 79ce040c07d782af5e426584d6e06149 150048 libs optional glib2.0_2.80.0-10ubuntu1.debian.tar.xz
 ec47009f175e7ff0a3099dd1dc203493 11685 libs optional glib2.0_2.80.0-10ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>

More information about the oracular-changes mailing list