-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 16 Feb 2026 09:11:04 +0100 Source: glib2.0 Architecture: source Version: 2.84.4-3~deb13u3 Distribution: trixie Urgency: medium Maintainer: Debian GNOME Maintainers Changed-By: Andreas Henriksson Closes: 1119919 1125752 1126549 1126550 1126551 Changes: glib2.0 (2.84.4-3~deb13u3) trixie; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Add patch to fix timezone handling with Debian & Ubuntu's symlinks (Closes: #1119919) (LP: #2130378) * CVE-2026-0988: Missing input validation in g_buffered_input_stream_peek (Closes: #1125752) * CVE-2026-1484: Integer overflow in base64 encoding can cause memory corruption. (Closes: #1126551) * CVE-2026-1485: Buffer underflow vulnerability in content type parsing caused by (signed) integer wrap for large inputs. (Closes: #1126550) * CVE-2026-1489: Integer overflow in unicode conversion can lead to memory corruption. (Closes: #1126549) Checksums-Sha1: a711a8ed446f2b8cc04e57a2c5970128df0e0dd8 4883 glib2.0_2.84.4-3~deb13u3.dsc ade0b6ba8926c1cc81e28c86ae2652f47ceff885 660708 glib2.0_2.84.4.orig-unicode-data.tar.xz 7d021a627322082de873c483b540443c524712e1 5618200 glib2.0_2.84.4.orig.tar.xz a3a356bb4b2dd3e8769ca52cbd2e224d347560d4 153388 glib2.0_2.84.4-3~deb13u3.debian.tar.xz c4cff62dbc046feb6b8f6a0a7ba138a99f03c88a 8448 glib2.0_2.84.4-3~deb13u3_source.buildinfo Checksums-Sha256: 4b9e829d82cb5884e6de4250b4c31fd9030ca1be0c29f9b84e9141ee6d9344c1 4883 glib2.0_2.84.4-3~deb13u3.dsc c1742461e8c0e9673a3453a3127671169de9cb0138493e5c916f1b989530efcd 660708 glib2.0_2.84.4.orig-unicode-data.tar.xz 8a9ea10943c36fc117e253f80c91e477b673525ae45762942858aef57631bb90 5618200 glib2.0_2.84.4.orig.tar.xz 8e35b56abfed5cea96a93d032996efd3a3a5f445a2fc75445f5f42b4d84f42ef 153388 glib2.0_2.84.4-3~deb13u3.debian.tar.xz cf0faf6a4c11e6c2d621b20909cab7c81fe4ac03fb32ee9a7254cd1d39cb7623 8448 glib2.0_2.84.4-3~deb13u3_source.buildinfo Files: 5520698ed00387572b99f2d85ff36bc3 4883 libs optional glib2.0_2.84.4-3~deb13u3.dsc 2b38b2623d9b97ba703de7c94fd25ba2 660708 libs optional glib2.0_2.84.4.orig-unicode-data.tar.xz 5655d0ff809b98dd77c02490609fadde 5618200 libs optional glib2.0_2.84.4.orig.tar.xz c6feff8e95182d4e442d34c57174d795 153388 libs optional glib2.0_2.84.4-3~deb13u3.debian.tar.xz 37a6127460ed7c6f6eb70158d4c323be 8448 libs optional glib2.0_2.84.4-3~deb13u3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmm5a60ACgkQC8R9xk0T UwagXA//XGipUAd+/Eooq7yEulJKWWVfHXO7q75VLRpst212E2FoqlPi8NsRmjfj fbn6tIhRRelWQS8EScl2sdjTyr22FmU56/ksk5j1QxGY9uZIasTJnL2/sJGBrbnD DBtEy+l/awMND80dPw4C2Grp3FlwU1rnFmgSurCKZ5ueG5XOp2g//C09BXnRowOq AdsleAE7QlF3ayrJ4kVEAKVF9lPkPV2x212gCUxfcUBviMXJ02qqD4pQsU9O1S8j a6xZuQiwh+tMhHeEmN95iMQax1q9Eya/J4gZIk3oyr0RyyzVmdu7WDKAMXqj7a0W CfaQSOYs1fkEWHeHwyYp7rOwVRV30K9YwLjg0k75qWzdM7iWDngKNfCJVvuHh1Kb 2iBgTzpKd5GqdYSUpch/ao+WYzqf98uVqHSWTnsFEinOpNe5BMV33+atTvdv1A7F d8T0Vpz+yW2Dii/QL3fdCAaDBLDgfmNKz28hgpNR18roKaGzPozJMHqdm5ZSXTQ9 iFSTdyhmzw7v8RYguzbynEC8deo35oriZ5x8ns+6hT1zhOl/NlEwhwB6yZAMJjAH De/KUfbJekkHcKfBQzDouKbbw5yU3qwP0yeFg6wIy2572hnntsdKrGAbgta4s/X7 OzibM2dwLnD7DTUCiTDfuMu3Z0pAfpbrdkmrvBofgHIPxYWhQ1A= =3Hkb -----END PGP SIGNATURE-----