[ubuntu/precise-updates] glib2.0 2.32.4-0ubuntu1.4 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon May 3 13:30:56 UTC 2021


glib2.0 (2.32.4-0ubuntu1.4) precise-security; urgency=medium

  * SECURITY REGRESSION: regression in last security update (LP: #1838890)
    - debian/patches/CVE-2019-13012-regression.patch: fix a
      memory leak introduced by the last security update while
      not properly handled the g_file_get_patch function in
      gio/gkeyfilesettingsbackend.c.

glib2.0 (2.32.4-0ubuntu1.3) precise-security; urgency=medium

  * SECURITY UPDATE: Not properly restrict directory and file permissions
    - debian/patches/CVE-2019-13012.patch: changes the permissions when
      a directory is created, using 700 instead 777 in
      gio/gkeyfilesettingsbackend.c and changes test to run in a temp
      directory in gio/tests/gsettings.c.
    - CVE-2019-13012

glib2.0 (2.32.4-0ubuntu1.2) precise-security; urgency=medium

  * SECURITY UPDATE: Less restrictive permissions during copying
    - debian/patches/CVE-2019-12450.patch: limit access to file when
      copying in file_copy_fallback in file gio/gfile.c.
    - CVE-2019-12450

glib2.0 (2.32.4-0ubuntu1.1) precise-security; urgency=medium

  * SECURITY UPDATE: NULL pointer deference
    - debian/patches/CVE-2018-16428.patch: fix in glib/gmarkup.c,
      glib/tests/markups/fail-51.expected,
      glib/tests/markups/fail-51.gmarkup.
    - CVE-2018-16428
  * SECURITY UPDATE: Read out-of-bounds
    - debian/patches/CVE-2018-16429.patch: fix in glib/gmarkup.c and
      glib/tests/markups/fail-50.expected,
      glib/tests/markups/fail-50.gmarkup.
    - CVE-2018-16429

Date: 2019-08-05 17:06:18.586317+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/glib2.0/2.32.4-0ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.


More information about the Precise-changes mailing list