-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 11 Jun 2019 12:28:34 +0100 Source: gvfs Architecture: source Version: 1.38.1-5 Distribution: unstable Urgency: high Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Changes: gvfs (1.38.1-5) unstable; urgency=high . * Team upload * d/p/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch: Add missing authentication, preventing a local attacker from connecting to an abstract socket address learned from netstat(8) and issuing arbitrary D-Bus method calls * d/p/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch: Harden private D-Bus connection by rejecting the more complicated DBUS_COOKIE_SHA1 authentication mechanism and only accepting EXTERNAL. Checksums-Sha1: 4d5138ebd6b9623a9363b702731eeeca35e172d5 3392 gvfs_1.38.1-5.dsc 7316101276e04a1956781a65424c14394275624a 63224 gvfs_1.38.1-5.debian.tar.xz e49f2581c8ba7be0b80e0149edf4411fd13018f8 18685 gvfs_1.38.1-5_source.buildinfo Checksums-Sha256: f8178e7e3df32a0be55903ea905afa8eaf3ee437dd2a812c15de53bd2efe5fb8 3392 gvfs_1.38.1-5.dsc 2df6c06971f426a9426502fa3177abd0403ee13db5d7791bed7fb49c93efa5d6 63224 gvfs_1.38.1-5.debian.tar.xz 56e8b637480438982079661f6d01eb92c95af960456622d4c02422e666d9a77b 18685 gvfs_1.38.1-5_source.buildinfo Files: c3972cc9ecd7e6897b1a01ec3eda2cea 3392 gnome optional gvfs_1.38.1-5.dsc 2b08392fc974d6df935daefc1e40e0bc 63224 gnome optional gvfs_1.38.1-5.debian.tar.xz a8a12a40b589e5fca64d4b3ef87c8c78 18685 gnome optional gvfs_1.38.1-5_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlz/oFQACgkQ4FrhR4+B TE/ilg//UqjbAY1CzoeOvQSRrVfpMuf8vd8CsvO7XeXiS+vSML7wBYDO0rdS6LqW 01Iynh84go8uIje+nnasbXZv5JewD/id5+95p5gvfHckNUF+hi/6kLmrTVvd1MK5 iGWVYdlEP+CqOTmQvBEVC9CXsndLtiYr4FYbkOiRkIwvvePT1EzjKJprehGfIr+X r8kk3+2pFKJemjcZqBF+r/fjjzcoXvETdavFaqbUgBKgcnqWfau9uiZRWWgHKy6I f2UtqJgNe760Ln1OTIjgk+u7Nd3LMi9YaXVI7OtYDmYG94pd++CbScCrSN1SNhaZ w65fA+tFRqhoeYvno6zJgqeJ07l1/vwp164YGWfZ2AtMtv5DyEkmEIqd6v9LW4q/ xB75atogFyy5f79hxQCsUwOgXA1g5E7r3P5g44Vm9UfqOcFKueibOFh1ermGyOMD 7ox7uA/hEEkY8XiGfqac3f2+9nI3OHeXiEQwxeIt4LEjJ6uoJRXdxQRrpPZt4c3n BKAHTWio3+SsVJARUTFCktR2WOS7w0csujGz1T061GLaTWJR+HO8kAclNsZkpcCH UuXni2p09ksv+/dh8AiTJzaDfU3sgD3XgJ0OPSpRXX1ga4rretmfrW2jtNUhHJTr KDeb1Dk24kRcQp5ShVseL5OKRkH1/tM33hyfet/ZMJvr5ewyTJw= =cEqA -----END PGP SIGNATURE-----