-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 21 Dec 2010 18:46:14 +0100 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg Architecture: source all i386 Version: 1.2.24-4 Distribution: unstable Urgency: high Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Michael Biebl <biebl@debian.org> Description: dbus - simple interprocess messaging system dbus-1-dbg - simple interprocess messaging system (debug symbols) dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Changes: dbus (1.2.24-4) unstable; urgency=high . * debian/patches/12-CVE-2010-4352-reject-deeply-nested-variants.patch - Fixes CVE-2010-4352: sending messages with excessively-nested variants can crash the bus. The existing restriction to 64-levels of nesting previously only applied to the static type signature; now it also applies to dynamic nesting using variants. Patch cherry-picked from upstream Git. * Urgency high for the security fix. Checksums-Sha1: 638d7afbba6a15eeff140eb0448e27bf3499a2f5 2210 dbus_1.2.24-4.dsc dbd7ca0141faa94aeb784ee26e39294b9d05c500 32839 dbus_1.2.24-4.debian.tar.gz cea514dd5eb675df14405c02ec1dcba9812aa6ce 1827442 dbus-1-doc_1.2.24-4_all.deb 7025ff0bbe4e683260f245cf1082149a273faaf9 213830 dbus_1.2.24-4_i386.deb 5ff826c0992b777611497660d7601822fd0e59f4 42290 dbus-x11_1.2.24-4_i386.deb be780209e961a45fa8c2faf9f97ecb7d3b126d80 129132 libdbus-1-3_1.2.24-4_i386.deb bbef97f0f41450c45d31cb41f47033a0c58e7c06 220558 libdbus-1-dev_1.2.24-4_i386.deb 68a6b42821f14ba4cd23bc970053aef8efe74a95 771908 dbus-1-dbg_1.2.24-4_i386.deb Checksums-Sha256: 22f91efbb425812298c0440c19397eb5aa3395c64e991efa157081059a89b6ea 2210 dbus_1.2.24-4.dsc fa84615fd438323b02deb01547c9196f92983077d5e7d3d56831ffb19dfe262e 32839 dbus_1.2.24-4.debian.tar.gz a053d96a07b21922ac794ed9ea56a4fbf8c616965b7ef857a348eaec9f59fcc9 1827442 dbus-1-doc_1.2.24-4_all.deb efdc18b0982f6b004906fdcb924e7630149c2ec25fcc42c7e9bc6b338f292396 213830 dbus_1.2.24-4_i386.deb 4e1f7e5ec3671970c40e8e22d845bed78503ea102267983f1e40a8ba02f5d405 42290 dbus-x11_1.2.24-4_i386.deb e5756ee174b820c70526441e55979a6b86d7de9cf2d538e00fc45af4e84b08cb 129132 libdbus-1-3_1.2.24-4_i386.deb 534d57525ab7e2d7db183228fe193519bd76a6ef5c11c570c017ba8358a00d23 220558 libdbus-1-dev_1.2.24-4_i386.deb 62eaed0645cc95cae3aaa3a1c7e2a0f388f087dbbf4a802ada6ee42a037060a0 771908 dbus-1-dbg_1.2.24-4_i386.deb Files: c0a6168eccaf849b2b535cfb928ae139 2210 devel optional dbus_1.2.24-4.dsc b3e84992759741a0f1cc00ee1d1f6982 32839 devel optional dbus_1.2.24-4.debian.tar.gz 4231ce021ec2dec7e42c231e7c758a9d 1827442 doc optional dbus-1-doc_1.2.24-4_all.deb 0d6fc95301443fffb95719008b4988fd 213830 devel optional dbus_1.2.24-4_i386.deb 646c0e60f26b7b2be3e7c28d69760aba 42290 x11 optional dbus-x11_1.2.24-4_i386.deb cc58e7024ed9d1c1e9e49b9e3f0dae35 129132 libs optional libdbus-1-3_1.2.24-4_i386.deb ee33920b3a04eb572bf66090e37cdce6 220558 libdevel optional libdbus-1-dev_1.2.24-4_i386.deb fbe7e21a80636b403f77a8f6a10aacc1 771908 debug extra dbus-1-dbg_1.2.24-4_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJNEOk6AAoJEGrh3w1gjyLctI4P/0tA05Ywqj0z//eRAoer8SAc PecN9PqzJB3hbYUt6RIXRihTRFqRRtZnKBWWClS6gze6mXepSbUrdev7QmgrGNn0 Ifuv6bk+2q8NWz5uiPzTOw11G46+ponr9mMNfLHF0zOfXbuS9L2JQ6XHIhOY8MEC MsI5zC4VIsZfC/WM0UOwNy1Puh2QL5SD5uMcaNgPLiDkkV/nBvACSzJ4GYYESOSi 6iJwTByfTN1Z+Mux0taUmAd8jaITWMSXGXtuEJDeEetVZTRdvrpCafJLP6eEIimk sXElBg749qtOdWzzDi+h0vo/VRbgcHjoeEKm8lEVO6gfgE2YF3VG9MnU5eZMS8xP KqxN3y7AKsVKq3y0kvGNfWyS5a1BGi4Wv7Ytg4QZazdOfce/cmiehgvWPxoaDyFX uvNUx5i4+lElkTprqyR47EACpAb6FB5PMjo81R2mlUpWoTnypN7LzcbVHCxTOfdl YbueRWuutlttuCgRvaRAGQknEAxjBrFgqJJZa3Fct5YsJ4KGnKHZ8KouwT3x7GNQ AtxZzwT/FpbKtiaIfIYbiD2d74XiBrUNd84t5IIq5zaYbC06TAekSa0ctav3vudK jLi7MFtiQwiHo0mnsjFGVD6511+YWkHvevWT/B7pNPxWRYGjQLu7BzzyJCjAtLtW VJfuAMxNes/U3Diqd+Cd =Vpsc -----END PGP SIGNATURE----- Accepted: dbus-1-dbg_1.2.24-4_i386.deb to main/d/dbus/dbus-1-dbg_1.2.24-4_i386.deb dbus-1-doc_1.2.24-4_all.deb to main/d/dbus/dbus-1-doc_1.2.24-4_all.deb dbus-x11_1.2.24-4_i386.deb to main/d/dbus/dbus-x11_1.2.24-4_i386.deb dbus_1.2.24-4.debian.tar.gz to main/d/dbus/dbus_1.2.24-4.debian.tar.gz dbus_1.2.24-4.dsc to main/d/dbus/dbus_1.2.24-4.dsc dbus_1.2.24-4_i386.deb to main/d/dbus/dbus_1.2.24-4_i386.deb libdbus-1-3_1.2.24-4_i386.deb to main/d/dbus/libdbus-1-3_1.2.24-4_i386.deb libdbus-1-dev_1.2.24-4_i386.deb to main/d/dbus/libdbus-1-dev_1.2.24-4_i386.deb