[SECURITY] [DLA 3110-1] glib2.0 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3110-1] glib2.0 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 15 Sep 2022 14:57:02 +0200 (CEST)
Message-id: <[🔎] 20220915125702.45EF42A02EA@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3110-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
September 15, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : glib2.0
Version        : 2.58.3-2+deb10u4
CVE ID         : CVE-2021-3800

It was found that GLib, a general-purpose portable utility library,
could be used to print partial contents from arbitrary files. This
could be exploited from setuid binaries linking to GLib for information
disclosure of files with a specific format.

For Debian 10 buster, this problem has been fixed in version
2.58.3-2+deb10u4.

We recommend that you upgrade your glib2.0 packages.

For the detailed security status of glib2.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glib2.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmMjIRoACgkQnUbEiOQ2
gwJsmBAAszrPwOuRnBy904Nj6jfXC7MKF/BKSHXYB3FMD9p+E9wd6tJ3ESlu1hiD
zLetcDl3kWfWGoQsWgEfdWRa4aTeXI3hRAxxw9dSF53pSWq9aqI+cetp2/d3tLK7
00Vm8Y5Gojj4lILZp1LsRMAsf4C4sgTvioUMLWHsQyCPCPMJ6j3MINd5ArKrymz1
2PEMtyJC+8ldMRNeHu8nlUFSiVYD9xDz5CaVFJqrSUGt0CbT1czzYdRvuOHhyXxj
FqYDPsu1lOLW/2TIu9ILqer03m2WjjJ4F7q1uErOUOam4R/yRzRwA5qI/h7QQHKQ
bqTVBSe2Fx34CsOj77x4D6xrdgvzsuLFj0iRerfGmSeAT8Mg3nYC1bIskKAzKLN6
kY8ut6BWcuYhPh2hPM0hWRFY0e78SmKVO6lWp+lGhLY2+KQYCCs2Z9EPW4Ay7N6S
uaunvTF3WRlAOZBakraW47+M0on3NfD0eYO6nokTpPl4BDMxjIKae6j9CGrsWhJ4
WOfmD9V1hc2zF9IkF1akV4WTuOdGuGKaPzV+Xbw88/jDqVxJB4yBq9bAl984ObcX
JPcEUkqSViRbvgTWhEztnf1o7sUPn43+DKP0Kwe/dj1P63ITIaIx4vh+TAdU3JmQ
5M8TiG2mxos2hYmJerrZV17ASMASl70utAzsiLjWQ9EjkPEUNRU=
=lB+i
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3093-2] rails regression update
Next by Date: [SECURITY] [DLA 3111-1] mod-wsgi security update
Previous by thread: [SECURITY] [DLA 3093-2] rails regression update
Next by thread: [SECURITY] [DLA 3111-1] mod-wsgi security update
Index(es):
- Date
- Thread