#17441 closed enhancement (fixed)
glib-2.74.4
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | high | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version.
Change History (5)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
| Priority: | normal → high |
|---|
comment:3 by , 3 years ago
comment:4 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 0d713c9e73fe11bf32642335c3000bef4e9db634
Security advisory coming shortly

Overview of changes in GLib 2.74.4
==================================

* Fix missing input validation in `GDBusMenuModel` (work by Lars Uebernickel) (#861)

* Various GVariant security fixes when handling untrusted data (work by William Manley, Philip Withnall, Simon McVittie) (#2121, #2540, #2794, #2797, #2839, #2840, #2841)

* Bugs fixed:
  - #861 insufficient input validation in GDBusMenuModel (Lars Uebernickel)
  - #2121 GVariant deserialisation does not match spec for non-normal data (William Manley, Philip Withnall)
  - #2540 Parsing serialized GVariants can blow up run-time and memory (Philip Withnall)
  - #2794 GVariant offset table entry size is not checked in is_normal() (Philip Withnall)
  - #2797 g_variant_byteswap() can take a long time with some non-normal inputs (Philip Withnall)
  - #2835 gio/gapplication test fails with test_dbus_activate: assertion failed (n_activations == 2): (1 == 2) (Philip Withnall)
  - #2839 [bisected] GVariant test regression on big-endian architectures (Simon McVittie)
  - #2840 fuzz_variant_binary_byteswap: Heap-buffer-overflow in g_variant_serialised_get_child (Philip Withnall)
  - #2841 fuzz_variant_text: Timeout in fuzz_variant_text (Philip Withnall)
  - #2852 alpine/musl: catching signals from a subprocess triggers GLib:ERROR:../glib/gmain.c:5569:siginfo_t_to_wait_status: code should not be reached (Philip Withnall)
  - !3114 Backport !3113 “gaction: Validate actions activated over D-Bus” to glib-2-74
  - !3126 Backport !3125 “Various fixes to normal form handling in GVariant” to glib-2-74
  - !3134 Backport !3133 “gmenumodel: disallow exporting large menus on the bus” to glib-2-74
  - !3138 Backport !3136 “gvariant-serialiser: Convert endianness of offsets” to glib-2-74
  - !3153 Backport !3120 “glib/gthread-posix: Conditionally use `futex` and/or `futex_time64` syscalls...” to glib-2-74
  - !3161 Backport !3158 “gmain: Define fallback values for siginfo_t constants for musl” to glib-2-74
  - !3164 Backport !3163 “gvariant: Check offset table doesn’t fall outside variant bounds and speed up text parsing” to glib-2-74

* Translation updates: