-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 15 Sep 2014 12:58:25 +0100 Source: dbus Binary: dbus dbus-udeb dbus-x11 libdbus-1-3 libdbus-1-3-udeb dbus-1-doc libdbus-1-dev dbus-1-dbg Architecture: source amd64 all Version: 1.8.8-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Description: dbus - simple interprocess messaging system (daemon and utilities) dbus-1-dbg - simple interprocess messaging system (debug symbols) dbus-1-doc - simple interprocess messaging system (documentation) dbus-udeb - simple interprocess messaging system (minimal runtime) (udeb) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system (library) libdbus-1-3-udeb - simple interprocess messaging system (minimal library) (udeb) libdbus-1-dev - simple interprocess messaging system (development headers) Changes: dbus (1.8.8-1) unstable; urgency=medium . [ Michael Biebl ] * Don't attempt config reload if dbus system bus is not running. . [ Simon McVittie ] * Bump dbus up to Priority: standard because without it, systemd-logind does not run a getty on tty2..tty6 (matching ftp-master action in #759293) * New upstream release fixes several security issues - CVE-2014-3635: do not accept an extra fd in cmsg padding, avoiding a buffer overrun in dbus-daemon or system services - CVE-2014-3636: reduce maximum number of file descriptors per message from 1024 to 16, to avoid two separate denial-of-service attacks that could cause system services to be dropped from the bus - CVE-2014-3637: time out connections that have a partially-sent message containing a file descriptor, so that malicious processes cannot use self-referential file descriptors to make a connection that will never close - CVE-2014-3638: reduce maximum number of pending replies per connection to avoid algorithmic complexity DoS - CVE-2014-3639: reduce timeout for authentication and do not accept() new connections when all unauthenticated connection slots are in use, so that malicious processes cannot prevent new connections to the system bus * debian/copyright: fix glob syntax, .[ch] is not supported Checksums-Sha1: 9b7569de0eb31d7129a99785da6b3ec5d1d32985 2886 dbus_1.8.8-1.dsc e0d10e8b4494383c7e366ac80a942ba45a705a96 1864881 dbus_1.8.8.orig.tar.gz c44aa68e873ef44ee4b62fd376f7f4b15066bae9 36048 dbus_1.8.8-1.debian.tar.xz c6cf38779da4dafe7b7a6c67efbd3b7e4ee52ad4 284876 dbus_1.8.8-1_amd64.deb 343cc558df300f4f618ee89a994c0659f7414a27 141936 dbus-udeb_1.8.8-1_amd64.udeb 773234dc9b82342adae299c2587113b70d645a3f 69316 dbus-x11_1.8.8-1_amd64.deb 31e167e66eb7c37cbabf5c632f82bcd7a0473953 165812 libdbus-1-3_1.8.8-1_amd64.deb 9a8afd5ab479a780d7367434d59c8ad9640cba52 87868 libdbus-1-3-udeb_1.8.8-1_amd64.udeb 7089d04a5cd4059c608e730a75eb6b99c526789b 1323732 dbus-1-doc_1.8.8-1_all.deb 3ab672b27e49cbb298a84f1ab3ff50794c6e155e 204268 libdbus-1-dev_1.8.8-1_amd64.deb bd1cbf07266bba9f5d1c6ca5c336f166b7ebd736 6112394 dbus-1-dbg_1.8.8-1_amd64.deb Checksums-Sha256: b0979486f6b710416d3eb63349f3f6a02cba1b62074d68579456b6bb5d73d5e1 2886 dbus_1.8.8-1.dsc dfab263649a979d0fff64a30cac374891a8e9940350e41f3bbd7679af32bd1fd 1864881 dbus_1.8.8.orig.tar.gz a2d0ec7caa5262e2d02b3f54658652230e1f19b91b4a60c295d8f01bd7a28259 36048 dbus_1.8.8-1.debian.tar.xz 238da6b6b432d5f6eeec0bf39c2a3f596a998b7f3a2a11cee83972d26e19229e 284876 dbus_1.8.8-1_amd64.deb 6a35843eb9a75d0473ec61924ddc694e3371f9156ce905a60685aa250fbb23e2 141936 dbus-udeb_1.8.8-1_amd64.udeb d2adee1e6b0f0702c6c9db60466d90c4d582695d78bd651d71148dc5431b9ad7 69316 dbus-x11_1.8.8-1_amd64.deb 0fb3c5ac831c2c0ddeee36518d7426435382399feee8e00e7b9160d5894361ff 165812 libdbus-1-3_1.8.8-1_amd64.deb f3753a9ed232ba5539058bd87cceaabcb2334a4a11a747f651ef968455456769 87868 libdbus-1-3-udeb_1.8.8-1_amd64.udeb 1ca54882c8da0f5bac6e965bc935ee1d7c445191e32fc5343801669c245b4f0c 1323732 dbus-1-doc_1.8.8-1_all.deb 87740a153438d937d1c1d6c9003ac3d68bc6528bec14a0da336e96cbf3451520 204268 libdbus-1-dev_1.8.8-1_amd64.deb fdc7b15af58d603671b803e03a0c0d13e1e270f0a9208c714ff8ac44d666f95a 6112394 dbus-1-dbg_1.8.8-1_amd64.deb Files: 8fe4ecb42972479c73b77dd776414d8b 284876 admin standard dbus_1.8.8-1_amd64.deb 2591b23b8104404d985e5ba863253640 141936 debian-installer extra dbus-udeb_1.8.8-1_amd64.udeb 6848e36c63315b3e790138f6a8145ce7 69316 x11 optional dbus-x11_1.8.8-1_amd64.deb 88214f536c1668c15a11d4351213186c 165812 libs optional libdbus-1-3_1.8.8-1_amd64.deb 7b3ffe29d98623a1ad5a9c78b830965a 87868 debian-installer extra libdbus-1-3-udeb_1.8.8-1_amd64.udeb 7c9c54ae9d02aee9906c47b05798a1e5 1323732 doc optional dbus-1-doc_1.8.8-1_all.deb 14352e5a11b2055a4ca160ec4eb0d826 204268 libdevel optional libdbus-1-dev_1.8.8-1_amd64.deb 5e167f609643e6a0cfe5f3adeba999bb 6112394 debug extra dbus-1-dbg_1.8.8-1_amd64.deb c71fc89e3f6a91547df8e9bf467b9d07 2886 admin optional dbus_1.8.8-1.dsc b9f4a18ee3faa1e07c04aa1d83239c43 1864881 admin optional dbus_1.8.8.orig.tar.gz 4775b276b8f617c13a6e96080f88e8f0 36048 admin optional dbus_1.8.8-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIVAwUBVBhg/03o/ypjx8yQAQidqBAAhhKUNvPD9jYLD7J8PuqiagQ29ZnqFJzg hZt0Ob7zaj/OyCaZkvon9Ke5rWEWu7zl2RpgJwuTIBK9oDripAzif/+tEisJ4WUY OIt2e79ykFAAdTbm0g/8x1ronp1/YPWs6jMIy6VNay7arT69Bc17NyP29XOG3Was 9pbxUbMJ4mIdbHiy+Qb/8T6+/FrlQFWbcVEqbGgRrIl0uNdKnrfAgKLN4n92u5TE xT41yxTRKDwlPLMuR9zozYHkesjILsun06kJG7+8ZGmCtjDw2bLdk23h0d9HEcO6 gV+VGJBFJim+sE2J56NLSu6R8HQTg4X+rT0URY8FxXIsLdGizgfzPO+MLmOj2lYI QhWOpMgGF+y2I/+JGckEyMZ4WKh/MX7Z0mvswEYMWfW7BT/aZ2fuyin3PmEq9sER mhg1NDHnmSY4u1G+hkgzWR0xWJQGkvyPwYa7AVppg0bnIuGO+j0llHICXd4uwskY EWawTXQ2TTpVH5LqZdinAld+SjmX+6GEtg8FKoe8U3b0OKDFKIlcwdnrc23ATB/3 umvAAv5fVl743EFG0r6mG9mA2KDKnRtnoOJ0riqnQVeRgXH51hMyfuvkWMFABoMl UaRs0dgGN2XzbLq+OapvELQU2c2h8jMocDqC4zKUwXE3BV8uATuuMCF2xyDb/ULO xoC1PRabNuE= =lxGn -----END PGP SIGNATURE-----