Bug 886197 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665)

Summary: <dev-libs/glib-2.74.3-r3: Multiple vulnerabilities
Product: Gentoo Security
Reporter: Sam James <sam>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: gnome
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=887807
Whiteboard: A2 [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on: 885627    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-12-16 04:47:10 UTC
1. https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835

2. https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835

---

Already did 1. in:
```
commit f55b93c30f6280375deff99bba8b5e967460b1bf
Author: Sam James <sam@gentoo.org>
Date:   Wed Dec 14 00:54:51 2022 +0000

    dev-libs/glib: backport security fixes to 2.74.x

    See https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835.

    No Gentoo bug yet as Bugzilla is down.

    Signed-off-by: Sam James <sam@gentoo.org>
```

but doing 2. now.

Comment 1 Larry the Git Cow gentoo-dev 2022-12-16 04:56:58 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a28534a11a48579dab087115428e8ffec10d5b6

commit 9a28534a11a48579dab087115428e8ffec10d5b6
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-12-16 04:50:49 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-12-16 04:50:49 +0000

    dev-libs/glib: further security backports
    
    See https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835.
    
    Bug: https://bugs.gentoo.org/886197
    See: f55b93c30f6280375deff99bba8b5e967460b1bf
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-libs/glib/Manifest              |   1 +
 dev-libs/glib/glib-2.74.3-r3.ebuild | 290 ++++++++++++++++++++++++++++++++++++
 2 files changed, 291 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev 2023-11-27 12:28:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e8cae5eafb887bc451b4344e6de2d99b8d6e75de

commit e8cae5eafb887bc451b4344e6de2d99b8d6e75de
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-27 12:24:33 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-27 12:28:31 +0000

    [ GLSA 202311-18 ] GLib: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/886197
    Bug: https://bugs.gentoo.org/887807
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-18.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)