Hi Simon, On Sat, Jan 17, 2026 at 11:28:43AM +0000, Simon McVittie wrote: > Control: severity -1 normal > > On Fri, 16 Jan 2026 at 23:47:08 +0100, Salvatore Bonaccorso wrote: > > The following vulnerability was published for glib2.0. > > > > CVE-2026-0988[0]: > > | Integer overflow in g_buffered_input_stream_peek() leads to > > | segmentation fault > > This is probably only a theoretical issue, unless someone has evidence of > software that calls this function with an attacker-chosen offset that can > approach the total size of the address space.
Ack sure, main purpose of the bug filling was to make the tracking. Severity downgrade seems fine indeed. Regards, Salvatore
