Skip to content

Backport !4038 "gdbusconnection: Don't deliver signals if the sender doesn't match" to glib-2-74

Simon McVittie requested to merge wip/smcv/2.74-cve-2024-34397 into glib-2-74

This is the equivalent of !4038 (merged), !4039 (merged), !4040 (merged) for GLib 2.74.x, resolving #3268 (closed).

I'm aware that GLib upstream does not support 2.74.x or plan to make new 2.74.x releases any more, but I had to prepare backports of this for Debian 12 anyway, so I'm leaving this here on an as-is basis: other LTS downstreams might find it useful. It corresponds to 2.74.6-2+deb12u1 in Debian.

Maintainers can either merge it into glib-2-74 for documentation purposes as an example of a hopefully-correct backport to this older branch, or close it as out-of-scope, whatever is preferred.

Merge request reports

Loading