SUSE-SU-2026:20074-1

This update for glib2 fixes the following issues:

Update to version 2.84.4.

Security issues fixed:

• CVE-2025-14512: integer overflow in the GIO escape_byte_string() function when processing malicious files or remote filesystem attribute values can lead to denial-of-service (bsc#1254878).
• CVE-2025-14087: buffer underflow in the GVariant parser bytestring_parse() and string_parse() functions when processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
• CVE-2025-13601: heap-based buffer overflow in the g_escape_uri_string() function when processing strings with a large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
• CVE-2025-7039: integer overflow when creating temporary files may lead to an out-of-bounds memory access that can be used for path traversal or exposure of sensitive content in a temporary file (bsc#1249055).

Other issues fixed and changes:

• Fix GFile leak in g_local_file_set_display_name during error handling.
• Fix incorrect output parameter handling in closure helper of g_settings_bind_with_mapping_closures.
• gfileutils: fix computation of temporary file name.
• Fix GFile leak in g_local_file_set_display_name().
• gthreadpool: catch pool_spawner creation failure.
• gio/filenamecompleter: fix leaks.
• gfilenamecompleter: fix g_object_unref() of undefined value.