-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 19 Nov 2014 15:12:37 +0100 Source: dbus Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg Architecture: source all amd64 Version: 1.2.24-4+squeeze3 Distribution: squeeze-lts Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: dbus - simple interprocess messaging system dbus-1-dbg - simple interprocess messaging system (debug symbols) dbus-1-doc - simple interprocess messaging system (documentation) dbus-x11 - simple interprocess messaging system (X11 deps) libdbus-1-3 - simple interprocess messaging system libdbus-1-dev - simple interprocess messaging system (development headers) Changes: dbus (1.2.24-4+squeeze3) squeeze-lts; urgency=medium . * Security upload by the Debian LTS team. * CVE-2014-3477: Backport patch from upstream to fix a denial of service (failure to obtain bus name) in newly-activated system services that not all users are allowed to access. * CVE-2014-3638: Backport patch from upstream to reduce maximum number of pending replies per connection to avoid algorithmic complexity DoS. * CVE-2014-3639: Backport patch from upstream to not accept() new connections when all unauthenticated connection slots are in use, so that malicious processes cannot prevent new connections to the system bus. Note that the patch that reduced the authentication delay to 5s has not been applied due to known regressions: https://bugs.freedesktop.org/show_bug.cgi?id=86431 Checksums-Sha1: 0809d7ea3154134105eefff9e7711fe4fc6daed7 1864 dbus_1.2.24-4+squeeze3.dsc 56e2e937f9f39ce989b859e4fa33f8741e1b4248 43621 dbus_1.2.24-4+squeeze3.debian.tar.gz 6fd5684751156001fe1820c310c24fe9e9e619f7 1840216 dbus-1-doc_1.2.24-4+squeeze3_all.deb 3a1bcab3d1f5b483ac73610bcd5e9d555d0ff01f 234600 dbus_1.2.24-4+squeeze3_amd64.deb a6c6db4faddeec0eb4d87a264b850b3e5ee9e457 43456 dbus-x11_1.2.24-4+squeeze3_amd64.deb 5ae10c24bdcc43438474c33a0dc7f80f7ab13108 145838 libdbus-1-3_1.2.24-4+squeeze3_amd64.deb fd73f490abcc576173070305d38500ec1c0d5825 245026 libdbus-1-dev_1.2.24-4+squeeze3_amd64.deb 375d2891336be8371ca3fe0ee50826c946d51afa 765098 dbus-1-dbg_1.2.24-4+squeeze3_amd64.deb Checksums-Sha256: 6e1cdbbd2d5a3f442a08abfbadff75a27208e485fe454fe3b4969ed59afb9bfa 1864 dbus_1.2.24-4+squeeze3.dsc 88dd92a90814b601a1c3f1010c270c00b26cc86861e1c063eab2b23066aaffc8 43621 dbus_1.2.24-4+squeeze3.debian.tar.gz 25a5629f70489765be00b58d4b619d46d210b444564764f46b424fc8170e9f5e 1840216 dbus-1-doc_1.2.24-4+squeeze3_all.deb d765b8fe9e640450b47d3edfcbfe2c734009627612667aa8959b8026ef53350a 234600 dbus_1.2.24-4+squeeze3_amd64.deb 67c2b372f6bad6565fbea2b423444b462e268c3b526d66880fffee4bf020db94 43456 dbus-x11_1.2.24-4+squeeze3_amd64.deb 169c4fea6bded5f628e56494e33306c3e82b46ad0d6ddea11cc74d2f62352c8f 145838 libdbus-1-3_1.2.24-4+squeeze3_amd64.deb 6de0e9077f49f941d1c5859515b98ddcf4ba1188c05ad916889348a9eb094743 245026 libdbus-1-dev_1.2.24-4+squeeze3_amd64.deb 6fbdb331a5206380410538a7b3f4d97e9db8f355dd0aae5dcd32c2c6aedfc689 765098 dbus-1-dbg_1.2.24-4+squeeze3_amd64.deb Files: 4ab734c88f22f6a760cea365ab455c3d 1864 devel optional dbus_1.2.24-4+squeeze3.dsc 4476c4b06a89e0aab0990bdf709bff57 43621 devel optional dbus_1.2.24-4+squeeze3.debian.tar.gz d25ce88e3b55f4de8e6f18692ae68d29 1840216 doc optional dbus-1-doc_1.2.24-4+squeeze3_all.deb a8d0068368bcf22cbb4ee44166547f29 234600 devel optional dbus_1.2.24-4+squeeze3_amd64.deb aea248d15ee3867b7908a2f2d5392fd6 43456 x11 optional dbus-x11_1.2.24-4+squeeze3_amd64.deb abcea4a2f2322e2f1d11f0518ebe7a60 145838 libs optional libdbus-1-3_1.2.24-4+squeeze3_amd64.deb ef9e39deacae2653d4fad100642ae9ab 245026 libdevel optional libdbus-1-dev_1.2.24-4+squeeze3_amd64.deb aab9ebb95fc4af8f97573b1cb176b332 765098 debug extra dbus-1-dbg_1.2.24-4+squeeze3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJUbetsAAoJEAOIHavrwpq50jEIAIDHjZTtlkkhA/ff1fHJ5VQ/ PgeKuj4FYu4MI16AMcjDUfGUPgGKUpS80paTZvyPtp9B6/8FtgECtjKODs4BeBUE lDYf8TL9vUyz/6gL7Sm2YihGgPi4X6hXJ2XJ+9ePWWW9eQuwGCpSpiskapd061q6 bg0iZNStesOK0/CW0jf2aSTHfVbj/pkXAHS0qd6LFPu2CHvkOHTINOTdW5IzN9nu FQLjz0Sq9/eDPnpGh1roQunFu8pmT0ADF2DD3nEyih4SN/MjqAAdpNjRjnYtsb6J XGiu3eItr6hw02aMdmsdANBqS83sxZ9ZXy1fRX9tYZ0oS5HpZ9NJjZmYU5HOeyQ= =sw0m -----END PGP SIGNATURE-----