ELA-125-1 glib2.0 security update

unwanted file access during creation/copy of files

2019-06-01
Packageglib2.0
Version2.33.12+really2.32.4-5+deb7u1
Related CVE CVE-2019-12450

The file_copy_fallback() function/method in gio/gfile.c in GNOME GLib did not properly restrict file permissions while a copy operation was in progress. Instead, default permissions were used. A similar issue of the need of tigher permissions was also spotted still unfixed in the keyfile settings (gio/gkeyfilesettingsbackend.c).

For Debian 7 Wheezy, these problems have been fixed in version 2.33.12+really2.32.4-5+deb7u1.

We recommend that you upgrade your glib2.0 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/