| Package | glib2.0 |
|---|---|
| Version | 2.33.12+really2.32.4-5+deb7u1 |
| Related CVEs | CVE-2019-12450 |
The file_copy_fallback() function/method in gio/gfile.c in GNOME GLib did not properly restrict file permissions while a copy operation was in progress. Instead, default permissions were used. A similar issue of the need of tigher permissions was also spotted still unfixed in the keyfile settings (gio/gkeyfilesettingsbackend.c).
For Debian 7 Wheezy, these problems have been fixed in version 2.33.12+really2.32.4-5+deb7u1.
We recommend that you upgrade your glib2.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.