On Mon, Mar 11, 2019 at 09:32:02PM +0100, Salvatore Bonaccorso wrote:
> Source: glib2.0
> Version: 2.58.3-1
> Severity: important
> Tags: security upstream
> Forwarded: https://gitlab.gnome.org/GNOME/glib/issues/1649
> Control: fixed -1 2.59.2-1
>
> Hi,
>
> The following vulnerability was published for glib2.0, filing a bug
> for tracking.
>
> CVE-2019-9633[0]:
> | gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent
> | GTask remains alive during the execution of a connection-attempting
> | enumeration, which allows remote attackers to cause a denial of service
> | (g_socket_client_connected_callback mishandling and application crash)
> | via a crafted web site, as demonstrated by GNOME Web (aka Epiphany).

This is fixed in experimental, what's the status/plan for buster?

Cheers,
Moritz