Debian GNU/Linux 9 (Stretch) and 10 (Buster) Extended LTS:
ELA-1391-1 gimp security update
Debian GNU/Linux 10 (Buster) Extended LTS:
ELA-1390-1 glib2.0 security update
ELA-1386-1 atop security update
ELA-1392-1 twitter-bootstrap4 security update
Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 4128-1] glib2.0 security update
[SECURITY] [DLA 4128-1] glib2.0 security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4128-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 13, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : glib2.0
Version : 2.66.8-1+deb11u6
CVE ID : CVE-2025-3360
Integer overflow in g_date_time_new_from_iso8601() has been fixed in the
GNOME library glib2.0.
For Debian 11 bullseye, this problem has been fixed in version
2.66.8-1+deb11u6.
We recommend that you upgrade your glib2.0 packages.
For the detailed security status of glib2.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glib2.0
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
ELA-1390-1 glib2.0 security update
Package : glib2.0
Version : 2.58.3-2+deb10u8 (buster)
Related CVEs :
CVE-2025-3360
Integer overflow in g_date_time_new_from_iso8601() has been fixed in the GNOME library glib2.0.
ELA-1391-1 gimp security update
Package : gimp
Version : 2.8.18-1+deb9u3 (stretch), 2.10.8-2+deb10u2 (buster)
Related CVEs :
CVE-2025-2761
Out-of-bounds write in FLI (AutoDesk FLIC animation) file parsing has been fixed in GIMP, the GNU Image Manipulation Program.
ELA-1386-1 atop security update
Package : atop
Version : 2.4.0-3+deb10u1 (buster)
Related CVEs :
CVE-2025-31160
It was discovered that Atop, a monitor tool for system resources and
process activity, always tried to connect to the port of atopgpud
(an additional daemon gathering GPU statistics not shipped in Debian)
while performing insufficient sanitising of the data read from this
port.
With this update, additional validation is added and by default atop
no longer tries to connect to the atopgpud daemon port unless explicitly
enabled via -k.
ELA-1392-1 twitter-bootstrap4 security update
Package : twitter-bootstrap4
Version : 4.3.1+dfsg2-1+deb10u1 (buster)
Related CVEs :
CVE-2024-6531
Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework,
was affected by an XSS vulnerability in the carousel component.
If you use Bootstrap through a module bundler, you may need to rebuild your
application.