package/libglib2: security bump to version 2.66.7 (908d9671) · Commits · Infra Solutions / Reference Design / platsw / buildroot

Commit 908d9671 authored Feb 27, 2021 by Fabrice Fontaine Committed by Yann E. MORIN Feb 27, 2021

package/libglib2: security bump to version 2.66.7

- Fix CVE-2021-27218: An issue was discovered in GNOME GLib before
  2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called
  with a buffer of 4GB or more on a 64-bit platform, the length would be
  truncated modulo 2**32, causing unintended length truncation.
- Fix CVE-2021-27219: An issue was discovered in GNOME GLib before
  2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an
  integer overflow on 64-bit platforms due to an implicit cast from 64
  bits to 32 bits. The overflow could potentially lead to memory
  corruption.

https://gitlab.gnome.org/GNOME/glib/-/blob/2.66.7/NEWS



Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>

parent f4f42d03

Hide whitespace changes

Inline Side-by-side

Please register or to comment