-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 May 2015 12:49:53 +0200
Source: python-dbusmock
Binary: python-dbusmock python3-dbusmock
Architecture: source all
Version: 0.15.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
python-dbusmock - mock D-Bus objects for tests (Python 2)
python3-dbusmock - mock D-Bus objects for tests (Python 3)
Changes:
python-dbusmock (0.15.1-1) unstable; urgency=medium
.
* New upstream release.
- SECURITY FIX: When loading a template from an arbitrary file through the
AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template()
Python method, don't create or use Python's *.pyc cached files. By
tricking a user into loading a template from a world-writable directory
like /tmp, an attacker could run arbitrary code with the user's
privileges by putting a crafted .pyc file into that directory.
.
Note that this is highly unlikely to actually appear in practice as custom
dbusmock templates are usually shipped in project directories, not
directly in world-writable directories.
(LP: #1453815, CVE-2015-1326)
Checksums-Sha1:
98bb781a22d4566294e8617e7a11303509c07984 2309 python-dbusmock_0.15.1-1.dsc
289acd6c410386e01dbe30d24500c42ec0bed362 67298 python-dbusmock_0.15.1.orig.tar.gz
28ec90699ec514cc016b6d8531d417a715e2c101 3948 python-dbusmock_0.15.1-1.debian.tar.xz
82ff64beea22a7d7da6628514b1ecc567d51b78a 55774 python-dbusmock_0.15.1-1_all.deb
d447d7a939cbfe072e1266903f8e316b368ccf39 56064 python3-dbusmock_0.15.1-1_all.deb
Checksums-Sha256:
3a18a3e6ef7ad16daad139aa45f850bd0cd8ca0455088bbf6979af6d01dc2905 2309 python-dbusmock_0.15.1-1.dsc
ca084ea55c2d1c7991c8eb73c7b578cc27b665ab3e5af2ddfc2daa2d1edacc14 67298 python-dbusmock_0.15.1.orig.tar.gz
6d66eefc7b49c6452dab3be0368a803c721ae53c933c87e48db6decbd040147b 3948 python-dbusmock_0.15.1-1.debian.tar.xz
5e1afa2a8b3542656238927b64a4826fe2bdf852e86cf32e561d55af48ee031e 55774 python-dbusmock_0.15.1-1_all.deb
ab35c3c537271b192cf854c3556847bc51abc8d0ebff9e15ce21c6e8bd8c7f5a 56064 python3-dbusmock_0.15.1-1_all.deb
Files:
3ecd4316b09368037523d5eaa786e289 2309 python optional python-dbusmock_0.15.1-1.dsc
c30f4febcc0514a056cf621a5e2fb539 67298 python optional python-dbusmock_0.15.1.orig.tar.gz
da853b8738dda3a151c3180ed19c9bb0 3948 python optional python-dbusmock_0.15.1-1.debian.tar.xz
6b1b6ff9a5e234eb8c25b8f21e1435b1 55774 python optional python-dbusmock_0.15.1-1_all.deb
2e8d9a003ac6b17cf3c5bec2f7b9ac5d 56064 python optional python3-dbusmock_0.15.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJVUds+AAoJENFO8V2v4RNHv9sP/0U4YV23HDO0EAG+TRVTD57I
wZe32Iq1sKvFlaFjQ8+7kgMXtmMm/ROkMcogI6PT6UqCQfZeiYEn9tEZj3GsDF8t
taqJI9vKdqDWYCAHfJ8lh4m7kdSQUjxDNhDt+D9y2l1Si9eB4/x7vGnwliPardbJ
Q4ouABYmEySvrxwmzu0lAo4RRybdirOu1G325hZrPKqeOtW/UxfBbgisp5thn07T
1YfAX9WO8NWitjur5p+/3hYB/n/QOkUadh/JDrO3oWI1c4Y1sBCCx3i53XuhAu+X
jzqphIoVIWt1juYoFLl5rp6md0GY4Rehe5e93SB+b5r0I2SuRmlKnJDyqg25xXXL
vghe5QO71/aOyRdhXlQtH1sUcD1ihS0hQxvH/2ztFrWPiVINgw2o+iinqpY9ArLk
7BGGLNlX0TK5IV9bcBlw1uWxBhIIoK1lkFbKsSHb3nKsYP7/TgE1D/YOOr8c/kwx
vXeDol0aZIgvLojMX9jpmJyC9Ibi0v4RDjLwJlUS7JZYTt/a3AdrQyMiJVMSzFE0
Hs85QELVOGckjO1/8LBMZQsFJDXl2h8lw/itl9s0JvcGdItoWLmNh/mD2Y91ZRH9
vDhZZYd0QoXZgZx6SX7Xj2/rVin6ZCghtRzN2JGnmI02S/HgZarlbdZ87eq/md9B
P58ZjJ+mXSm0MItPM65W
=h5TB
-----END PGP SIGNATURE-----
