Source: glib2.0
Version: 2.58.3-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/glib/issues/1649
Control: fixed -1 2.59.2-1

Hi,

The following vulnerability was published for glib2.0, filing a bug for tracking.

CVE-2019-9633[0]:
| gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent
| GTask remains alive during the execution of a connection-attempting
| enumeration, which allows remote attackers to cause a denial of service
| (g_socket_client_connected_callback mishandling and application crash)
| via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-9633
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9633
[1] https://gitlab.gnome.org/GNOME/glib/issues/1649

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore