Debian Package Tracker

From: Martin Pitt <mpitt@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted python-dbusmock 0.11.4-1+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates
Date: Tue, 26 May 2015 12:47:06 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 26 May 2015 09:26:11 +0200
Source: python-dbusmock
Binary: python-dbusmock python3-dbusmock
Architecture: source all
Version: 0.11.4-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt@debian.org>
Description:
 python-dbusmock - mock D-Bus objects for tests (Python 2)
 python3-dbusmock - mock D-Bus objects for tests (Python 3)
Closes: 786858
Changes:
 python-dbusmock (0.11.4-1+deb8u1) stable; urgency=medium
 .
   * SECURITY FIX: When loading a template from an arbitrary file through the
     AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template()
     Python method, don't create or use Python's *.pyc cached files. By
     tricking a user into loading a template from a world-writable directory
     like /tmp, an attacker could run arbitrary code with the user's
     privileges by putting a crafted .pyc file into that directory.
 .
     Note that this is highly unlikely to actually appear in practice as custom
     dbusmock templates are usually shipped in project directories, not
     directly in world-writable directories.
     (Closes: #786858, LP: #1453815, CVE-2015-1326)
   * Add debian/gbp.conf for "jessie" packaging branch.
Checksums-Sha1:
 7de862771bec9c5e23d53869f2ee5a216dffc9bb 2337 python-dbusmock_0.11.4-1+deb8u1.dsc
 f615f92079732115e93e036e92ccfaf8fd85c255 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz
 2000b9b4b729406c58bf61589312975c12c5d9bd 50640 python-dbusmock_0.11.4-1+deb8u1_all.deb
 4d269541a8a63a1c2c8c873d1f33a552554bd851 50724 python3-dbusmock_0.11.4-1+deb8u1_all.deb
Checksums-Sha256:
 69dbdcbbe777136a208416ce0e80525e7d85a3393d1db4c2ab1ad2a6354c9825 2337 python-dbusmock_0.11.4-1+deb8u1.dsc
 15501a7e6431ec845c7e6228d15fd02f1d099cb099b4d9f1f5ad9259e82395d3 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz
 f749e66164fb8e3b35807ff0e2f310c3cb7652c0e102c9690e20f4f114088cd4 50640 python-dbusmock_0.11.4-1+deb8u1_all.deb
 5f9324cde0215cf7ffb1378f2fa0e7b0191aee84b0bd718e0416adf7e369168d 50724 python3-dbusmock_0.11.4-1+deb8u1_all.deb
Files:
 c8575beed820af756f41ffdc489c8e1c 2337 python optional python-dbusmock_0.11.4-1+deb8u1.dsc
 b06c616b80a7706f7edb0c669e8bdf0c 4848 python optional python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz
 0f485ffd45d2b8ca993036c62cd861a2 50640 python optional python-dbusmock_0.11.4-1+deb8u1_all.deb
 1afd23add0adeee0b389667fa0ee221e 50724 python optional python3-dbusmock_0.11.4-1+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVZCDEAAoJENFO8V2v4RNHRCYP/3W5Wh4gnaephXQ7gZxvhDU4
BLzgU7m5IX39qxwLetlenimUmjO1hdCSBjh6ggg4xb4QT8sAcK5xsPMssMRmZOXC
dbnz64gFoz89Z8p89Z3twqSQhuO890K3UXWYfLCrOsoHYCzcR2HXsP2MRylDrSv0
UTPq0SvulCWKC3oXE+PP790eGEWKpELCKEWMBpbDvfrrUOVtA9idhBO01C9Cyu6k
wJlVx5CGEGC093hsOktguNHqa3dChye3pBRnVg0mEEdIGQmAtr1/+QVc7iNH02B0
x0jE67XTo+/EKYnblXsMVOpj+tsjeTR8j2FOY1cO7YEEKcCVhnd+IrOIaAP8ZJK/
J1rE3xBLSJnFfxtMhICA0AlNRlwAXeyvS1PWWDbaVoGXNGW/TPWIANOHSITE2LM6
hZtHFmCm9RhQJxC6hF6AYBoyS9Vd4n7OVKXAE40lPy/CrSbhYbm17XSq+KpUlYIa
HKrmCgmK3cDDLKnqtejwPS4hPdHrmba/9m4KQ4iJpCtb4InWH8pHLHXlS0wnjT9R
RD1hM9xqT/Wv4BOKPTpjmw4ggQ5RmVIRRELWjjm+vnkT90lVY/vvNPOO5IHQBj1o
31fimoCu0wFil6MHDrjKTxRqR4Q2abreH3ECbtwFhvn3JAhXiAINYXrceQ3/KRvR
Nywpg1p09e1T1X7217jK
=/vh6
-----END PGP SIGNATURE-----
News for package python-dbusmock
