Another CVE was issued by Mitre yesterday for another bug listed on
https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home

https://gitlab.gnome.org/GNOME/glib/-/issues/3461 reports that:
"set_connect_msg() receives a buffer of size SOCKS4_CONN_MSG_LEN but it writes up to SOCKS4_CONN_MSG_LEN + 1 bytes to it. This is because SOCKS4_CONN_MSG_LEN doesn't account for the trailing nul character that set_connect_msg() appends after the hostname."

The fix was made by https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281
which was then backported to the glib-2.82.1 release made on Sep. 19.

https://www.cve.org/CVERecord?id=CVE-2024-52533 says that NVD has assigned a CVSS score of 9.8, but https://access.redhat.com/security/cve/CVE-2024-52533 suggests a score of 7.0 instead.

--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
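
The miscount quoted above, as an added example (not glib's code and not part of the original message): a SOCKS4a CONNECT builder that budgets both NUL terminators and refuses a buffer that is one byte short. The function names, the 255-byte field cap and the two size macros are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELD 255  /* assumed cap on user id and hostname (hypothetical) */
/* VN + CD + DSTPORT(2) + DSTIP(4) = 8, then userid + NUL, then hostname + NUL */
#define CONN_MSG_MAX   (8 + (MAX_FIELD + 1) + (MAX_FIELD + 1))
/* The miscount described above: only one of the two NUL bytes is budgeted. */
#define CONN_MSG_SHORT (8 + 1 + 2 * MAX_FIELD)

/* Returns bytes written, or -1 if a field is too long or buf is too small. */
long build_socks4a_connect(uint8_t *buf, size_t buflen, const char *user,
                           const char *host, uint16_t port)
{
    size_t ulen = strlen(user), hlen = strlen(host);
    if (ulen > MAX_FIELD || hlen > MAX_FIELD)
        return -1;
    size_t need = 8 + ulen + 1 + hlen + 1;   /* both terminators counted */
    if (need > buflen)
        return -1;                           /* refuse rather than write past the end */
    size_t n = 0;
    buf[n++] = 4;                            /* VN: SOCKS version 4 */
    buf[n++] = 1;                            /* CD: CONNECT */
    buf[n++] = (uint8_t)(port >> 8);         /* DSTPORT, network byte order */
    buf[n++] = (uint8_t)(port & 0xff);
    buf[n++] = 0; buf[n++] = 0; buf[n++] = 0; buf[n++] = 1; /* 0.0.0.1: SOCKS4a marker */
    memcpy(buf + n, user, ulen + 1); n += ulen + 1;  /* userid + NUL */
    memcpy(buf + n, host, hlen + 1); n += hlen + 1;  /* hostname + NUL */
    return (long)n;
}

/* Worst case (both fields at MAX_FIELD) built into a buffer declared as
 * buflen bytes; callers must pass buflen <= CONN_MSG_MAX. */
long worst_case(size_t buflen)
{
    static uint8_t buf[CONN_MSG_MAX];
    char user[MAX_FIELD + 1], host[MAX_FIELD + 1];
    memset(user, 'u', MAX_FIELD); user[MAX_FIELD] = '\0';  /* constructed input */
    memset(host, 'h', MAX_FIELD); host[MAX_FIELD] = '\0';  /* constructed input */
    return build_socks4a_connect(buf, buflen, user, host, 1080);
}

int main(void)
{
    printf("short=%d max=%d\n", CONN_MSG_SHORT, CONN_MSG_MAX);
    printf("into short buffer: %ld\n", worst_case(CONN_MSG_SHORT));
    printf("into full buffer:  %ld\n", worst_case(CONN_MSG_MAX));
    return 0;
}
```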