[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: glib vulnerable to CVE-2021-28153

From: Mark H Weaver
Subject: Re: glib vulnerable to CVE-2021-28153
Date: Fri, 12 Mar 2021 01:47:04 -0500

Hi Léo,

Léo Le Bouter <> writes:

> CVE-2021-28153        11.03.21 23:15
> An issue was discovered in GNOME GLib before 2.66.8. When
> g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to
> replace a path that is a dangling symlink, it incorrectly also creates
> the target of the symlink as an empty file, which could conceivably
> have security relevance if the symlink is attacker-controlled. (If the
> path is a symlink to a file that already exists, then the contents of
> that file correctly remain unchanged.)
> Another CVE just out,
> See:
> We need to backport another patch again it seems?

Thanks.  I backported the upstream fix, and pushed it to 'master' in
commit 5a06b83fc92710c5846a83bbf49f0ea84c8ecec2.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]