File _patchinfo of Package patchinfo.23781
<patchinfo incident="23781"> <issue tracker="bnc" id="1183533">VUL-1: CVE-2021-28153: glib2: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink</issue> <issue tracker="bnc" id="1211946">VUL-0: CVE-2023-32643: glib2: fuzz_variant_binary_byteswap: heap-buffer-overflow in g_variant_serialised_get_child()</issue> <issue tracker="bnc" id="1211951">VUL-0: CVE-2023-32611: glib2: g_variant_byteswap() can take a long time with some non-normal inputs</issue> <issue tracker="bnc" id="1211945">VUL-0: CVE-2023-32665: glib2: GVariant deserialisation does not match spec for non-normal data</issue> <issue tracker="bnc" id="1211947">VUL-0: CVE-2023-29499: glib2: GVariant offset table entry size is not checked in is_normal()</issue> <issue tracker="bnc" id="1211948">VUL-0: CVE-2023-32636: glib2: fuzz_variant_text: timeout in fuzz_variant_text()</issue> <issue tracker="cve" id="2023-32636"/> <issue tracker="cve" id="2023-32643"/> <issue tracker="cve" id="2023-32665"/> <issue tracker="cve" id="2023-29499"/> <issue tracker="cve" id="2023-32611"/> <issue tracker="cve" id="2021-28153"/> <packager>mgorse</packager> <rating>important</rating> <category>security</category> <summary>Security update for glib2</summary> <description>This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files. (bsc#1183533) - CVE-2023-32665: Fixed GVariant deserialisation which does not match spec for non-normal data. (bsc#1211945) - CVE-2023-32643: Fixed a heap-buffer-overflow in g_variant_serialised_get_child(). (bsc#1211946) - CVE-2023-29499: Fixed GVariant offset table entry size which is not checked in is_normal(). (bsc#1211947) - CVE-2023-32636: Fixed a wrong timeout in fuzz_variant_text(). (bsc#1211948) - CVE-2023-32611: Fixed an issue where g_variant_byteswap() can take a long time with some non-normal inputs. (bsc#1211951) </description> </patchinfo>
