[ubuntu/eoan-proposed] dbus 1.12.14-1ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue Jun 11 17:26:13 UTC 2019
dbus (1.12.14-1ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
Date: Tue, 11 Jun 2019 13:04:53 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dbus/1.12.14-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Jun 2019 13:04:53 -0400
Source: dbus
Architecture: source
Version: 1.12.14-1ubuntu2
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
dbus (1.12.14-1ubuntu2) eoan; urgency=medium
.
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
Checksums-Sha1:
aef7fdd4baebc81a97408602c055bb929948f55a 3859 dbus_1.12.14-1ubuntu2.dsc
7e3de2e2cf46b61b9b8fe807ba1ce87fdfe4ac8d 70444 dbus_1.12.14-1ubuntu2.debian.tar.xz
ffa592a90620630120493444e2c2e937fdcdb314 7913 dbus_1.12.14-1ubuntu2_source.buildinfo
Checksums-Sha256:
721e355668282380dc91e529d07711fe2a8a170fc44704fae9c3288f2e24092a 3859 dbus_1.12.14-1ubuntu2.dsc
8bad16ca368276e432cdf7a8c25398eae835e0fc27cfdb31745c4c970555bfe4 70444 dbus_1.12.14-1ubuntu2.debian.tar.xz
60f5de48b5bce11b2ab5e8964f34fe775fed329271e8c2c2670ed8f33ecdb198 7913 dbus_1.12.14-1ubuntu2_source.buildinfo
Files:
81db3155cf8c934369ecfb426ebd6f4f 3859 admin optional dbus_1.12.14-1ubuntu2.dsc
72a77906b600fda09561cfac95bc0363 70444 admin optional dbus_1.12.14-1ubuntu2.debian.tar.xz
626c7814dcdf8258438506115cbb6dda 7913 admin optional dbus_1.12.14-1ubuntu2_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlz/4icACgkQZWnYVadE
vpP8lw//fm5vbyVSAqcAlOj1vCneZuINYs6WNhSTqxciK7OtFFj9dpSMFrKI7j3D
Dc5BLF4Rv4aFBxuZd/FSOIf7JVuDe0b1/jmK/z6FotDmeajPT+8eG8vkS94hhX9W
NYMGRTDwY5/3IisC/2g3t8CjmkQ1LQbyXtFEcZh8fQgU+G1qv4KnEA5SSScOlDgd
/P4ejaPeQhaupJauqv/zNnmpU3BiL71ve/5TMRmihmRjtbqVyRLMfFqy4ehyYtOG
SVwyXfFpALjy199akGaZpatePEK4E57pwTutMKHL2nIjkNJovbNlujZ6tKmGJV0t
qpEBtLK0OWXlD55LDIWgC1+s8D80imM7XRlM48/MJ7orjOYQVOPA755u052Ljxqp
Rn1mXvba/EvqKLcJ53kJUqYlgNOS2O2K21Sa/n8bp/E7RwOYCDlU9woD04iCmsjd
jX3KsOg6Z3ItuEAiU+mM+sk8tw5I2/7MWFwY/QJANdO80h+SV3ZnTWwLeNXj+hnk
HqpTJAbjYV1bz5IYU12PhKay9CeqJXfR3p2B3XT2mc1pPcooquJ+lL3BIV489A6L
v6QZxZakYQcjgcNnUhNG/1xFpID0cyl6mCTdrPkogFFcjg3kmK3HesLexdzZ89Cq
4RMgDoZipAv+F+KThYbx6hoJOMfslGq9Ez2u2egJhQFZnN0e/Rw=
=c5zs
-----END PGP SIGNATURE-----
More information about the Eoan-changes
mailing list