Upstream fix: https://gitlab.gnome.org/GNOME/glib/-/commit/e2ed5efc0e228914af0ae6d9e8b8c3b9787e6799

Whiteboard: (none) => MGA9TOO
Status comment: (none) => Fixed upstream in 2.84.2 and patch available from upstream and Ubuntu
Source RPM: (none) => glib2.0-2.84.1-1.mga10.src.rpm, glib2.0-2.76.3-1.3.mga9.src.rpm
CVE: (none) => CVE-2025-4373

Suggested advisory:
========================

The updated packages fix a security vulnerability:

Buffer underflow on glib through glib/gstring.c via function g_string_insert_unichar. (CVE-2025-4373)

References:
https://ubuntu.com/security/notices/USN-7532-1
========================

Updated packages in core/updates_testing:
========================
glib-gettextize-2.76.3-1.4.mga9
glib2.0-common-2.76.3-1.4.mga9
glib2.0-tests-2.76.3-1.4.mga9
lib(64)gio2.0_0-2.76.3-1.4.mga9
lib(64)glib2.0-devel-2.76.3-1.4.mga9
lib(64)glib2.0-static-devel-2.76.3-1.4.mga9
lib(64)glib2.0_0-2.76.3-1.4.mga9

from SRPM:
glib2.0-2.76.3-1.4.mga9.src.rpm

Whiteboard: MGA9TOO => (none)
Status comment: Fixed upstream in 2.84.2 and patch available from upstream and Ubuntu => (none)
Assignee: bugsquad => qa-bugs
Version: Cauldron => 9
Status: NEW => ASSIGNED
Source RPM: glib2.0-2.84.1-1.mga10.src.rpm, glib2.0-2.76.3-1.3.mga9.src.rpm => glib2.0-2.76.3-1.3.mga9.src.rpm

RH x86_64

installing lib64glib2.0_0-2.76.3-1.4.mga9.x86_64.rpm glib2.0-common-2.76.3-1.4.mga9.x86_64.rpm lib64gio2.0_0-2.76.3-1.4.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/3: lib64glib2.0_0        ##################################################################################################
      2/3: lib64gio2.0_0         ##################################################################################################
      3/3: glib2.0-common        ##################################################################################################
      1/3: removing glib2.0-common-2.76.3-1.3.mga9.x86_64
                                 ##################################################################################################
      2/3: removing lib64gio2.0_0-2.76.3-1.3.mga9.x86_64
                                 ##################################################################################################
      3/3: removing lib64glib2.0_0-2.76.3-1.3.mga9.x86_64
                                 ##################################################################################################

strace pidgin show
openat(AT_FDCWD, "/lib64/libglib-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3

pidgin works

strace audacity shows
openat(AT_FDCWD, "/lib64/libglib-2.0.so.0", O_RDONLY|O_CLOEXEC) = 3

audacity works

MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues, installed audacity alongside.
Opened .wavfile in audacity, played it, used the amplify effectto reduce the volume, played again. The effect was effective.
I couldn't help a minor snag, but that was the same with the current glib ass with the update: The pointer that should show where you are in the file during playback, does not move unless you movve the mouse pointer over and off the toolbar.
But this does not seem a regression, so OK.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK

The pointer issue is a Plasma Wayland issue, it works perfectly under Plasma X11

(In reply to Herman Viaene from comment #5)
> The pointer issue is a Plasma Wayland issue, it works perfectly under Plasma
> X11

One of many. Plasma Wayland for MGA9 is still a work in progress. Perhaps Plasma 6 in MGA10 will be better. In the meantime, I'm validating this update.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0173.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED