Debian Package Tracker

From: Simon McVittie <smcv@debian.org>
To: <debian-experimental-changes@lists.debian.org> , <debian-devel-changes@lists.debian.org>
Subject: Accepted gvfs 1.40.1-3 (source) into experimental
Date: Tue, 11 Jun 2019 13:48:26 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 11 Jun 2019 12:32:45 +0100
Source: gvfs
Architecture: source
Version: 1.40.1-3
Distribution: experimental
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 gvfs (1.40.1-3) experimental; urgency=medium
 .
   * Team upload
   * d/p/gvfsdaemon-Check-that-the-connecting-client-is-the-same-u.patch:
     Add missing authentication, preventing a local attacker from connecting
     to an abstract socket address learned from netstat(8) and issuing
     arbitrary D-Bus method calls
   * d/p/gvfsdaemon-Only-accept-EXTERNAL-authentication.patch:
     Harden private D-Bus connection by rejecting the more complicated
     DBUS_COOKIE_SHA1 authentication mechanism and only accepting EXTERNAL
Checksums-Sha1:
 b1a41ac5ec999fc908368039790b4d458002fb46 3341 gvfs_1.40.1-3.dsc
 f95630012e34d4a25f5fad3f72f91efe5155db53 54632 gvfs_1.40.1-3.debian.tar.xz
 81285e007aea4ba47ad4913bfd65b81412e99a43 18655 gvfs_1.40.1-3_source.buildinfo
Checksums-Sha256:
 7a20a55718107b724e8369570da1e4c742a88ce7a6b17ef723d6432a6c4826ab 3341 gvfs_1.40.1-3.dsc
 1eeaaa76dfb57bf6d567ad2a1da58df6b2de6e43b3dea95f65b0fe0a2bb96efc 54632 gvfs_1.40.1-3.debian.tar.xz
 20766112611dd4269d79abc6ec87135b0efe0a06060a71d29ff6b8bb178d75f7 18655 gvfs_1.40.1-3_source.buildinfo
Files:
 def6d6b804cb3b2601d85bbc28787b1d 3341 gnome optional gvfs_1.40.1-3.dsc
 5a569abcc4dbfa59e4afc878c93c57e7 54632 gnome optional gvfs_1.40.1-3.debian.tar.xz
 d31d96c062beb29c649f64fef4d0b7d9 18655 gnome optional gvfs_1.40.1-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAlz/q80ACgkQ4FrhR4+B
TE/LZg/+NtcOccAwJTOjfilwdl5JGzx76YsxF1t3kXXhGlMQqi9nL1gSLfSrtCJe
RLyu+dnjT0s6DyStv8b00S2YQYj+wIQVr2IXyvps5UNtErJgvr1dW08pO76fcZWm
Vh3BxTXPAVQqMYs9btDOHsL3J0N/f0V1umpscd5l4AyVED4lcEgVOFhY9jsMZnyy
jaJnE+PIxL4wn7uu67zvrAKbBemWNnmsotpQRDHW3ardOP6jiZq0MPTorKDs9sHj
DvVfltrx6q48cmPpmL01IIglU2fEgCM3FEd2t8VPk5CugycOxYG17b4wzyF5NtWQ
nzyDhqbJWfNgBh/fkxAvJ73pMNjxLNI3Mn3n8KXi5K5jYbgMqvLz1LhHW9BXbcpc
P17IiTEmVWz2SMOTv9sd8X61VxKuXbvcqCB97C+JUhUse4M6VbOBLQ8EKUUdOBdn
j81IIYf/Qr7SdCXIy9vrSRoCPX99YVwjoZq1qYnHSSzF0TivdStHJ92uqiqCnWtO
kZpRKN913Cg5yxHMWQ2JkKD6BJwWcLyljn3aQQhyk3PNcjddjPrEvVQVz0SbmpuU
31Nk5JAodwGvQFh9bDLkKIhub6jsdwLBgw96NtfsLnMi1K+QzR7D6SaskSFDudVv
boy/9J+4/niQ3D3oS8PFoqxGS7TMO5eTxImQrvOTZgH6q1gdJ84=
=a0Wg
-----END PGP SIGNATURE-----

News for package gvfs