[ubuntu/xenial-security] dbus 1.10.6-1ubuntu3.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 11 16:34:13 UTC 2019
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
dbus (1.10.6-1ubuntu3.3) xenial; urgency=medium
* debian/dbus.user-session.upstart:
- Temporarily revert latest changes as those seem to cause issues in the
unity8 session on touch (LP: #1654241).
dbus (1.10.6-1ubuntu3.2) xenial; urgency=medium
[ Iain Lane ]
* debian/dbus.user-session.upstart: Backport zesty's version - don't launch
a duplicate session bus if there already is one (dbus-user-session). (LP:
#1644323)
[ Ćukasz 'sil2100' Zemczak ]
* debian/patches/make-uid-0-immune-to-timeout.patch:
- Backport fix proposed by Simon McVittie upstream to workaround bug
LP: #1591411.
Date: 2019-06-10 19:41:12.626700+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list