oss-sec mailing list archives

CVE-2024-52533: Buffer overflow in socks proxy code in glib < 2.82.1


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Tue, 12 Nov 2024 10:09:53 -0800

Another CVE was issued by Mitre yesterday for another bug listed on
 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home

https://gitlab.gnome.org/GNOME/glib/-/issues/3461 reports that:
"set_connect_msg() receives a buffer of size SOCKS4_CONN_MSG_LEN but it writes
 up to SOCKS4_CONN_MSG_LEN + 1 bytes to it. This is because SOCKS4_CONN_MSG_LEN
 doesn't account for the trailing nul character that set_connect_msg() appends
 after the hostname."

The fix was made by https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4281
which was then backported to the glib-2.82.1 release made on Sep. 19.

https://www.cve.org/CVERecord?id=CVE-2024-52533 says that NVD has assigned
a CVSS score of 9.8, but https://access.redhat.com/security/cve/CVE-2024-52533
suggests a score of 7.0 instead.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
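The off-by-one described in the report, as an added illustration written here in C (not glib's code): a hypothetical SOCKS4a request builder whose length helper forgets the trailing NUL after the hostname, beside the corrected helper and a writer that refuses a buffer smaller than the real requirement. The function names, the header-length macro and the sample userid/hostname are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* SOCKS4a CONNECT request layout (constructed for this illustration):
 *   VN(1) | CD(1) | DSTPORT(2) | DSTIP(4) | USERID... NUL | HOSTNAME... NUL
 */
#define SOCKS4_HDR_LEN 8

/* Buggy pattern: counts both strings but only one of the two NULs, so a
 * buffer sized from this is one byte short of what the writer emits. */
size_t socks4a_len_buggy(const char *userid, const char *host)
{
    return SOCKS4_HDR_LEN + strlen(userid) + 1 + strlen(host);
}

/* Corrected pattern: every NUL-terminated field contributes its terminator. */
size_t socks4a_len_fixed(const char *userid, const char *host)
{
    return SOCKS4_HDR_LEN + strlen(userid) + 1 + strlen(host) + 1;
}

/* Serialises the request into buf. Returns the number of bytes written, or 0
 * when cap is smaller than the true requirement (the bounds check is what
 * turns a silent overflow into a refused call). */
size_t socks4a_build(uint8_t *buf, size_t cap, uint16_t port,
                     const char *userid, const char *host)
{
    size_t need = socks4a_len_fixed(userid, host);
    if (cap < need)
        return 0;

    size_t ulen = strlen(userid), hlen = strlen(host);
    buf[0] = 0x04;                      /* VN: SOCKS version 4 */
    buf[1] = 0x01;                      /* CD: CONNECT */
    buf[2] = (uint8_t)(port >> 8);      /* DSTPORT, network byte order */
    buf[3] = (uint8_t)(port & 0xff);
    buf[4] = 0; buf[5] = 0; buf[6] = 0; buf[7] = 1;   /* 0.0.0.x = SOCKS4a */

    size_t off = SOCKS4_HDR_LEN;
    memcpy(buf + off, userid, ulen + 1); off += ulen + 1;   /* copies the NUL */
    memcpy(buf + off, host, hlen + 1);   off += hlen + 1;   /* copies the NUL */
    return off;
}
```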

