[ubuntu/oracular-proposed] glib2.0 2.80.1-0ubuntu1 (Accepted)

Jeremy Bícha jbicha at ubuntu.com
Tue May 7 18:02:14 UTC 2024 

glib2.0 (2.80.1-0ubuntu1) oracular; urgency=medium

  * New upstream release
  * Drop patches applied in new release

glib2.0 (2.80.0-10ubuntu1) oracular; urgency=medium

  * Merge with Debian. Remaining change:
    - Don't enable sysprof integration in Ubuntu yet

glib2.0 (2.80.0-10) unstable; urgency=high

  * Team upload
  * d/patches: Add GDBus security fixes intended to be in 2.80.1
    - If local users send signals on the D-Bus system bus that spoof a
      trusted sender, do not deliver them to signal subscriptions for the
      trusted sender's well-known bus name (CVE-2024-34397)
    - Fix a use-after-free when subscribing to signals with an arg0
      match rule, originally from 2.79.0 and necessary to make the test
      for CVE-2024-34397 pass reliably
    - Add a local backport of g_set_str(), required by the above
    - Add proposed fix for a race condition that can cause a unit test
      to regress after the above
  * d/control: Add Breaks on gnome-shell (<< 44.9-2~).
    The security fix breaks screen recording and screencasting in older
    versions, so we should make sure both changes migrate together.
  * Set high urgency for security fix

Date: Tue, 07 May 2024 13:57:50 -0400
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/glib2.0/2.80.1-0ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 07 May 2024 13:57:50 -0400
Source: glib2.0
Built-For-Profiles: noudeb
Architecture: source
Version: 2.80.1-0ubuntu1
Distribution: oracular
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bícha <jbicha at ubuntu.com>
Changes:
 glib2.0 (2.80.1-0ubuntu1) oracular; urgency=medium
 .
   * New upstream release
   * Drop patches applied in new release
 .
 glib2.0 (2.80.0-10ubuntu1) oracular; urgency=medium
 .
   * Merge with Debian. Remaining change:
     - Don't enable sysprof integration in Ubuntu yet
 .
 glib2.0 (2.80.0-10) unstable; urgency=high
 .
   * Team upload
   * d/patches: Add GDBus security fixes intended to be in 2.80.1
     - If local users send signals on the D-Bus system bus that spoof a
       trusted sender, do not deliver them to signal subscriptions for the
       trusted sender's well-known bus name (CVE-2024-34397)
     - Fix a use-after-free when subscribing to signals with an arg0
       match rule, originally from 2.79.0 and necessary to make the test
       for CVE-2024-34397 pass reliably
     - Add a local backport of g_set_str(), required by the above
     - Add proposed fix for a race condition that can cause a unit test
       to regress after the above
   * d/control: Add Breaks on gnome-shell (<< 44.9-2~).
     The security fix breaks screen recording and screencasting in older
     versions, so we should make sure both changes migrate together.
   * Set high urgency for security fix
Checksums-Sha1:
 29aaa460b83125e909550bd8be5f76036019aa47 4639 glib2.0_2.80.1-0ubuntu1.dsc
 f9c0c1f83778f34ccfa40563d21a3535fd0485a0 263364 glib2.0_2.80.1.orig-unicode-data.tar.xz
 1ec1731143cb1723c40199b80bb495844c0cdb53 5529608 glib2.0_2.80.1.orig.tar.xz
 d1384675443afddcaf798852895bd6b54d45966c 131844 glib2.0_2.80.1-0ubuntu1.debian.tar.xz
 3084f5da4a0b9f0478d5a0b8c6a8e19c99c0a310 11681 glib2.0_2.80.1-0ubuntu1_source.buildinfo
Checksums-Sha256:
 f06262ba33b1ea52086d682e4b93a6bb185fbd21eb0c2fa43e3f2d3ffed9b4cf 4639 glib2.0_2.80.1-0ubuntu1.dsc
 38680f78a0ae6258826418cb5096c19ae3566ba8fee0a2112a0ec40056e58729 263364 glib2.0_2.80.1.orig-unicode-data.tar.xz
 bcfc8c2fab64fc9dcb91011375422159f1440502257fb90219215079d8716705 5529608 glib2.0_2.80.1.orig.tar.xz
 db734eaaf40310f7f83c4e98708280720d174b825f4656d459975bc7c5f808d2 131844 glib2.0_2.80.1-0ubuntu1.debian.tar.xz
 39683b6f51805e78837430a690b45c5c3357cdc533692aa2b8e46f4492b35a48 11681 glib2.0_2.80.1-0ubuntu1_source.buildinfo
Files:
 b4a125aece22f731a9c57898b555f465 4639 libs optional glib2.0_2.80.1-0ubuntu1.dsc
 52f85a65b58be1c5f2b4d0d943cff489 263364 libs optional glib2.0_2.80.1.orig-unicode-data.tar.xz
 a136e66c287b4eb1bf10accb03477b6f 5529608 libs optional glib2.0_2.80.1.orig.tar.xz
 b1b2d2cad16a99d34db7161ed09d11c3 131844 libs optional glib2.0_2.80.1-0ubuntu1.debian.tar.xz
 946bf507a38bb6e4b8c54907101eefe6 11681 libs optional glib2.0_2.80.1-0ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>

More information about the oracular-changes mailing list