glib: backport fixes for CVE-2025-13601 and CVE-2025-14087 #2

Open
sbelikov wants to merge 1 commit from cve-glib-CVE-2025-13601-CVE-2025-14087 into niceos-5.2
Owner

Backport security fixes for two GLib memory-corruption issues in the 2.84.4-1 build.

  • CVE-2025-13601: heap buffer overflow in g_escape_uri_string().
  • CVE-2025-14087: heap corruption in the GVariant text parser.

The package ships shared libraries used by many consumers, so the fix should be applied as a security backport without changing ABI/SONAME.

Validation:

  • rebuild the RPMs for the main and 32-bit paths if enabled;
  • run focused reproducer tests for URI escaping and GVariant parsing;
  • verify package provides/sonames remain unchanged.
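
One way to script the last validation step, as an added example that is not part of this pull request: it compares the shared-library Provides of the baseline and rebuilt packages from saved `rpm -qp --provides` output. The function names, file names and sample capability lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): compare shared-library Provides between
# a baseline RPM and its rebuild. Inputs are text files captured with
#   rpm -qp --provides <package>.rpm > provides.txt
# Function and file names are hypothetical.

# Keep only shared-library capabilities, e.g. "libglib-2.0.so.0()(64bit)".
# Plain "name = version-release" lines are expected to change and are ignored.
lib_provides() {
    grep -E '^lib[^ ]*\.so(\.[0-9]+)*\(' "$1" | LC_ALL=C sort -u
}

# Print "-cap" for each capability the rebuild dropped and "+cap" for each
# one it introduced. Returns 0 if the sets match, 1 if they differ.
provides_delta() {
    old=$(mktemp); new=$(mktemp)
    lib_provides "$1" > "$old"
    lib_provides "$2" > "$new"
    delta=$(LC_ALL=C comm -23 "$old" "$new" | sed 's/^/-/'
            LC_ALL=C comm -13 "$old" "$new" | sed 's/^/+/')
    rm -f "$old" "$new"
    [ -z "$delta" ] && return 0
    printf '%s\n' "$delta"
    return 1
}

# Constructed sample: a rebuild that accidentally bumps one soname.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'glib = 2.84.4-1' \
        'libglib-2.0.so.0()(64bit)' 'libgio-2.0.so.0()(64bit)' > "$d/old.txt"
    printf '%s\n' 'glib = 2.84.4-2' \
        'libglib-2.0.so.0()(64bit)' 'libgio-2.0.so.1()(64bit)' > "$d/new.txt"
    rc=0
    provides_delta "$d/old.txt" "$d/new.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

A non-zero return from `provides_delta` means the backport changed the library interface that dependent packages resolve against and should block the merge.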