Skip to content

Backport !4038 "gdbusconnection: Don't deliver signals if the sender doesn't match" to glib-2-66

Simon McVittie requested to merge wip/smcv/2.66-cve-2024-34397 into glib-2-66

Similar to !4041 (closed), this is the equivalent of !4038 (merged), !4039 (merged), !4040 (merged) for GLib 2.66.x, resolving #3268 (closed).

I'm aware that GLib upstream does not support 2.66.x or plan to make new 2.66.x releases any more, but I had to prepare backports of this for Debian 11 anyway, so I'm leaving this here on an as-is basis: other LTS downstreams might find it useful. It corresponds to 2.66.8-1+deb11u2 in Debian.

Maintainers can either merge it into glib-2-66 for documentation purposes as an example of a hopefully-correct backport to this older branch, or close it as out-of-scope, whatever is preferred.

Merge request reports

Loading