Overview

File _patchinfo of Package patchinfo.18701

<patchinfo incident="18701">
  <issue tracker="cve" id="2021-27219"/>
  <issue tracker="cve" id="2021-27218"/>
  <issue tracker="bnc" id="1182362">VUL-0: CVE-2021-27219: glib2: integer overflow in g_bytes_new due to an implicit cast from 64 bits to 32 bits</issue>
  <issue tracker="bnc" id="1182328">VUL-0: CVE-2021-27218: glib2: length truncation when g_byte_array_new_take() is called with a buffer of 4GB or more on 64-bit</issue>
  <packager>AZhou</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for glib2</summary>
  <description>This update for glib2 fixes the following issues:

- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328)

- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places