Additional to yesterday’s fixes, one more smaller security fix has just landed in GLib, fixing a crash in GDBusMenuModel triggerable by other peers on the bus.
- gmenumodel: disallow exporting large menus on the bus (!3133) · Merge requests · GNOME / GLib · GitLab (changes on
main) - Backport !3133 “gmenumodel: disallow exporting large menus on the bus” to glib-2-74 (!3134) · Merge requests · GNOME / GLib · GitLab (trivial backport to
glib-2-74)
Distros will want to cherry-pick these changes into their GLib packages soon, but probably with less urgency than yesterday’s fixes. There are no additional security fixes planned for GLib (so don’t worry about tomorrow).
As per GLib’s support policy, the fixes have not been backported to glib-2-72 or earlier. If distros wish to coordinate on backports to such older branches, please get in touch.