Format: 1.8
Date: Sun, 09 Jun 2019 21:34:34 +0100
Source: dbus
Architecture: source
Version: 1.12.16-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 dbus (1.12.16-1) unstable; urgency=medium
 .
   * New upstream stable release
     - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
       authentication for identities that differ from the user running
       the DBusServer. Previously, a local attacker could manipulate
       symbolic links in their own home directory to bypass authentication
       and connect to a DBusServer with elevated privileges. The standard
       system and session dbus-daemons in their default configuration were
       immune to this attack because they did not allow DBUS_COOKIE_SHA1,
       but third-party users of DBusServer such as Upstart could be
       vulnerable.