projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f4f42d0) | patch
package/libglib2: security bump to version 2.66.7
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 27 Feb 2021 09:04:24 +0000 (10:04 +0100)
committerYann E. MORIN <yann.morin.1998@free.fr>
Sat, 27 Feb 2021 15:54:50 +0000 (16:54 +0100)
commit908d96717051c5b57566638c7566372553c6e148
tree992e3ad0acd0cc801278c9470e640843aa7ae819tree
parentf4f42d03d60ba3af61c10a2b409b62011d8f21f0commit | diff
package/libglib2: security bump to version 2.66.7

- Fix CVE-2021-27218: An issue was discovered in GNOME GLib before
  2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called
  with a buffer of 4GB or more on a 64-bit platform, the length would be
  truncated modulo 2**32, causing unintended length truncation.
- Fix CVE-2021-27219: An issue was discovered in GNOME GLib before
  2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an
  integer overflow on 64-bit platforms due to an implicit cast from 64
  bits to 32 bits. The overflow could potentially lead to memory
  corruption.

https://gitlab.gnome.org/GNOME/glib/-/blob/2.66.7/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/libglib2/0003-remove-cpp-requirement.patch diff | blob | history
package/libglib2/libglib2.hash diff | blob | history
package/libglib2/libglib2.mk diff | blob | history