Format: 1.8
Date: Sun, 09 Jun 2019 21:33:03 +0100
Source: dbus
Architecture: source
Version: 1.13.12-1
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Changes:
 dbus (1.13.12-1) experimental; urgency=medium
 .
   * New upstream development release
     - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
       authentication for identities that differ from the user running
       the DBusServer. Previously, a local attacker could manipulate
       symbolic links in their own home directory to bypass
       authentication and connect to a DBusServer with elevated
       privileges. The standard system and session dbus-daemons in their
       default configuration were immune to this attack because they did
       not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer
       such as Upstart could be vulnerable.