-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 04 Oct 2012 08:47:10 +0100 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg Architecture: source all i386 Version: 1.2.24-4+squeeze2 Distribution: squeeze Urgency: low Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Description: dbus - simple interprocess messaging system dbus-1-dbg - simple interprocess messaging system (debug symbols) dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Closes: 689070 Changes: dbus (1.2.24-4+squeeze2) stable; urgency=low . * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary code execution in setuid/setgid binaries that incorrectly use libdbus without first sanitizing the environment variables inherited from their less-privileged caller (Closes: #689070). - As per upstream 1.6.8, do not check filesystem capabilities for now, only setuid/setgid, fixing regressions in certain configurations of gnome-keyring Checksums-Sha1: eac32b869c61bd5d847be756a340fe7cd5a7d23e 2186 dbus_1.2.24-4+squeeze2.dsc 94ee1a0ac39aeffd1e376ef7029d35afd7a60179 37961 dbus_1.2.24-4+squeeze2.debian.tar.gz b00fc229b77fd00cbc3fb825cc650431c69c2d73 1837900 dbus-1-doc_1.2.24-4+squeeze2_all.deb 6f4f5ea0851ace56f03acb222c19071f9599d239 213666 dbus_1.2.24-4+squeeze2_i386.deb 4e501b3ac3d77e35edbf4d6366ca6dbd05e9ae60 42564 dbus-x11_1.2.24-4+squeeze2_i386.deb ab10693f2ec6a50fd07dc9863b07fa78d9305cc8 130512 libdbus-1-3_1.2.24-4+squeeze2_i386.deb 99c8cdfd13bce8df56770c670230f7887820d7b0 221096 libdbus-1-dev_1.2.24-4+squeeze2_i386.deb e73b75d59d6eed63f7aa8616dd8cfdc9fca0001a 770860 dbus-1-dbg_1.2.24-4+squeeze2_i386.deb Checksums-Sha256: 6660bed259a4bbb5e15788bf305c8b2465acb2a33dbb1d01f23d6fca2ac5cfd0 2186 dbus_1.2.24-4+squeeze2.dsc a32dd583f3cc6a5aef6897e8b792510c21092d1b0d5655c2755b0af4be855964 37961 dbus_1.2.24-4+squeeze2.debian.tar.gz 87a4669d904f843c0037d23a9b68b0d1283aa93179b9ca06c384c3b7756bc743 1837900 dbus-1-doc_1.2.24-4+squeeze2_all.deb 2c4e9aa80db1d0eb95b55b7373975a5c4dacdccd6da056a700c14aef630aac25 213666 dbus_1.2.24-4+squeeze2_i386.deb 0563cf55a3a03904827db461f35269465ad0a8ab5c6d92889ead5cc5540e22e8 42564 dbus-x11_1.2.24-4+squeeze2_i386.deb bb9e6cca67fcc5b6c27c4674d89d862da0e5ea8eb66b4c8833b0daacdf3138fe 130512 libdbus-1-3_1.2.24-4+squeeze2_i386.deb 7457a9d32a5ae686841f3099b2813e965b8d09e32dc7c04b5efb171ce51349ad 221096 libdbus-1-dev_1.2.24-4+squeeze2_i386.deb 82f2ea80d494f73abaf9273c10bb1bcbe0fd77ceed7213bcf550f2e31ecc72fe 770860 dbus-1-dbg_1.2.24-4+squeeze2_i386.deb Files: d2bb0c9a9cbbef845d579c34291c50c2 2186 devel optional dbus_1.2.24-4+squeeze2.dsc 7bb2156d28f38454813c32bf48c98557 37961 devel optional dbus_1.2.24-4+squeeze2.debian.tar.gz 1754df1871da923df3f85ec308213901 1837900 doc optional dbus-1-doc_1.2.24-4+squeeze2_all.deb bfd457341ce560037613cfd493de300d 213666 devel optional dbus_1.2.24-4+squeeze2_i386.deb 8d287c2ff8e57960fb4f2af337616789 42564 x11 optional dbus-x11_1.2.24-4+squeeze2_i386.deb 762242a9e0f39aaf41e0b5bf66c0b99c 130512 libs optional libdbus-1-3_1.2.24-4+squeeze2_i386.deb 230538d9a0d7c304c6a7b62720790a9c 221096 libdevel optional libdbus-1-dev_1.2.24-4+squeeze2_i386.deb e6d06ad29e9d581c80b4b615595c4349 770860 debug extra dbus-1-dbg_1.2.24-4+squeeze2_i386.deb -----BEGIN PGP SIGNATURE----- iQIVAwUBUPHKrk3o/ypjx8yQAQj6hRAAlk+smNsRE6y6j9AynXNX3eyv8B0E7f+v Wpqyr2i2nRZ3aRpGRsJFva0zyW9yvATr10es9hNMdTCyE+k53el8KYVb4xlwF+KL o5SZgXPjUzfnjeSlD0LM+me5axp+2nVhUQweDSF2K9/3OMdbitTJAFb8POpd0hRL Wmm8TQUzBtfewyMS0YFHFouUcBSXO7T9tkefNEoMjmqePRNa79kkXYp8wgivdD7h eZ3XUI9VPi1o4t6759H8ddxYHMQ5VKskfrPSPaQr5jcfLQ1aBfLVYyy0pLW1rATB R3VZwAXQt6ohhHLHkLrRrlyK6jOSGTTPRm5vXEflsyVutM11w3TVUws8Tkyu2ajr /vOzm8l9BN6667exRYTxcV46aow5bA/+LoXz7gjbYUzZCqY+jd1gzM+BjRAo22dG VMUcL1jBz9sY5n0OhKeueJq3vfB7p5wmbBRutJsh9O5O2/H2XDY0I464yIwpaEdy eDVa+Xgysh8hHy5GBItwed7N6rK2FHNKaFMctAbpGxBOfd0xadu3xzNpvrBvaUPa 3A8b1/aFSQjkifW7zCRJwerES+9Z4rbzPKv1RZTdACqcGXQWAJIEn1WnsvvFS9tM egA/qhwvpZYkZYKPvO6nwpbXnLJv87xFmRhXzMaZyDP1uT8nTc8X+UltQYA2MHcc 9OQdGsqaoYg= =stEJ -----END PGP SIGNATURE-----