{"id":"MGASA-2021-0162","summary":"Updated glib2.0 packages fix security vulnerability","details":"An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace()\nis used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is\na dangling symlink, it incorrectly also creates the target of the symlink\nas an empty file, which could conceivably have security relevance if the\nsymlink is attacker-controlled. (If the path is a symlink to a file that\nalready exists, then the contents of that file correctly remain unchanged.)\n(CVE-2021-28153)\n","modified":"2026-04-16T04:44:10.990844680Z","published":"2021-03-30T20:08:49Z","upstream":["CVE-2021-28153"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0162.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28612"},{"type":"REPORT","url":"https://gitlab.gnome.org/GNOME/glib/-/issues/2325"}],"affected":[{"package":{"name":"glib2.0","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/glib2.0?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.66.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0162.json"}},{"package":{"name":"mingw-glib2","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/mingw-glib2?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.66.8-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0162.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}