This bug was fixed in the package glib2.0 - 2.80.1-0ubuntu2
---------------
glib2.0 (2.80.1-0ubuntu2) oracular; urgency=medium
* Fix doc build
glib2.0 (2.80.1-0ubuntu1) oracular; urgency=medium
* New upstream release
* Drop patches applied in new release
glib2.0 (2.80.0-10ubuntu1) oracular; urgency=medium
* Merge with Debian. Remaining change:
- Don't enable sysprof integration in Ubuntu yet
glib2.0 (2.80.0-10) unstable; urgency=high
* Team upload
* d/patches: Add GDBus security fixes intended to be in 2.80.1
- If local users send signals on the D-Bus system bus that spoof a
trusted sender, do not deliver them to signal subscriptions for the
trusted sender's well-known bus name (CVE-2024-34397)
- Fix a use-after-free when subscribing to signals with an arg0
match rule, originally from 2.79.0 and necessary to make the test
for CVE-2024-34397 pass reliably
- Add a local backport of g_set_str(), required by the above
- Add proposed fix for a race condition that can cause a unit test
to regress after the above
* d/control: Add Breaks on gnome-shell (<< 44.9-2~).
The security fix breaks screen recording and screencasting in older
versions, so we should make sure both changes migrate together.
* Set high urgency for security fix
-- Jeremy BĂcha <jbi...@ubuntu.com> Tue, 07 May 2024 14:51:49 -0400
** Changed in: glib2.0 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-34397
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2063221
Title:
Drop libglib2.0-0 transitional package
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glib2.0/+bug/2063221/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
