-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 18 Jun 2009 06:12:34 +0200 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev Architecture: source all i386 Version: 1.2.1-5+lenny1 Distribution: stable-security Urgency: high Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Michael Biebl <biebl@debian.org> Description: dbus - simple interprocess messaging system dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Closes: 532720 Changes: dbus (1.2.1-5+lenny1) stable-security; urgency=high . * debian/patches/52-CVE-2009-1189.patch - Security: The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834 Closes: #532720 Fixes: CVE-2009-1189 * Urgency high for the security fix. Checksums-Sha1: cb786094e2c5f84f8debd3f3689502ff47dbb415 1608 dbus_1.2.1-5+lenny1.dsc 2c5b38d51b486e0143faf7749d298e07a8c71223 1406833 dbus_1.2.1.orig.tar.gz 00c1dca59e66dc869d7fda75f3966faefe65e3a7 39470 dbus_1.2.1-5+lenny1.diff.gz d91d2bbb214b730ecbe1cd4723f0f2abea81c334 1830232 dbus-1-doc_1.2.1-5+lenny1_all.deb f49025e8f7037851ddaa977e0e958a64600fd6a6 230180 dbus_1.2.1-5+lenny1_i386.deb 3d60281a46b9c81d7641c8b483801e6ac14e9c0f 64064 dbus-x11_1.2.1-5+lenny1_i386.deb 914731485a0c002bc7d10764ac5d8929a7aad8fa 148370 libdbus-1-3_1.2.1-5+lenny1_i386.deb 1e887a4570b976a994fad61a5356cd1b4ff39df2 235620 libdbus-1-dev_1.2.1-5+lenny1_i386.deb Checksums-Sha256: e87773cd23970ba061e1293a50f8984dae5b1f353143bd758f56b8a61b6b1778 1608 dbus_1.2.1-5+lenny1.dsc 8016540602189e1dca6aca6b7c0735706387e4f85ced75217c6a874980fd0e86 1406833 dbus_1.2.1.orig.tar.gz b8808ce29aac824b69a0e80870970415820520e754fc1ff0a25b0b3d892df5db 39470 dbus_1.2.1-5+lenny1.diff.gz cf29d785b4cb4f6830dab13b8adc2611424f35821f313214b427fd79a8e88b2d 1830232 dbus-1-doc_1.2.1-5+lenny1_all.deb d974b3d263993fd96a920404c8d144fc7f72ce7fe884d23a78de28780cf23b55 230180 dbus_1.2.1-5+lenny1_i386.deb 0f9ad985e7019072770652b51e104fd96375302e39260b8e73474d0437cf95cb 64064 dbus-x11_1.2.1-5+lenny1_i386.deb 3a9714642675aad7b1bc4178a09e00aa1ff825ab08e3921ee0e2e4870d874d74 148370 libdbus-1-3_1.2.1-5+lenny1_i386.deb 63c61f6f7c737867d81193693a452f94989bd4bb08e55f5a21ad51e1dd6c7d31 235620 libdbus-1-dev_1.2.1-5+lenny1_i386.deb Files: e084fe269b41c84cdeaafae2b2633e9f 1608 devel optional dbus_1.2.1-5+lenny1.dsc b57aa1ba0834cbbb1e7502dc2cbfacc2 1406833 devel optional dbus_1.2.1.orig.tar.gz 6b875822ae5036ba8bf83f2fae11fbf0 39470 devel optional dbus_1.2.1-5+lenny1.diff.gz 317e72d84e019f0006d84e9579fa4b66 1830232 doc optional dbus-1-doc_1.2.1-5+lenny1_all.deb 7ca48ece6eb966598f45394fa6f61ecb 230180 devel optional dbus_1.2.1-5+lenny1_i386.deb 64e2b9c17836231e7abc0aff34690001 64064 x11 optional dbus-x11_1.2.1-5+lenny1_i386.deb a6fef063aace9660fcd7b518a1658299 148370 libs optional libdbus-1-3_1.2.1-5+lenny1_i386.deb ac4307dc10c03340beeb13eefac1f600 235620 libdevel optional libdbus-1-dev_1.2.1-5+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpD8WoACgkQh7PER70FhVTGXgCffMJZNkChf5Ao5UCvaIMQ6b2/ MgIAn3sWIsIH19vnNh/64OaGNVIK93Gr =2R2o -----END PGP SIGNATURE----- Accepted: dbus-1-doc_1.2.1-5+lenny1_all.deb to pool/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb dbus-x11_1.2.1-5+lenny1_i386.deb to pool/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb dbus_1.2.1-5+lenny1.diff.gz to pool/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz dbus_1.2.1-5+lenny1.dsc to pool/main/d/dbus/dbus_1.2.1-5+lenny1.dsc dbus_1.2.1-5+lenny1_i386.deb to pool/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb libdbus-1-3_1.2.1-5+lenny1_i386.deb to pool/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb libdbus-1-dev_1.2.1-5+lenny1_i386.deb to pool/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
