glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219

From:	Léo Le Bouter
Subject:	glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219
Date:	Thu, 11 Mar 2021 00:44:06 +0100
User-agent:	Evolution 3.34.2

Upstream does not provide fixes for the 2.62.x series so we need to
backport ourselves.

I would rather switch to upstream-supported version (2.66.x or later)
as backporting patches does not appear sustainable for us, we already
have enough on our plate.

See:
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1942 (CVE-2021-
27218)
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1944 (CVE-2021-
27218)
- https://gitlab.gnome.org/GNOME/glib/-/issues/2319 (CVE-2021-27219)

Léo

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219, Léo Le Bouter <=
- Re: glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219, Mark H Weaver, 2021/03/11
  - Re: glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219, Mark H Weaver, 2021/03/11
    - Re: glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219, Léo Le Bouter, 2021/03/11

Prev by Date: Re: Release 1.2.1: Cuirass failed to build Haskell 179 packages
Next by Date: GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'
Previous by thread: Release 1.2.1: Remove 31 Python 2 packages
Next by thread: Re: glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219
Index(es):
- Date
- Thread