[ubuntu/groovy-security] accountsservice 0.6.55-0ubuntu13.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Nov 3 15:07:26 UTC 2020
accountsservice (0.6.55-0ubuntu13.2) groovy-security; urgency=medium
* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to not drop real uid
and real gid in user_drop_privileges_to_user.
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid.
- CVE-2020-16126
* SECURITY UPDATE: accountsservice .pam_environment infinite loop
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
and limit the number of lines read from file.
- CVE-2020-16127
Date: 2020-11-02 17:45:14.887963+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/accountsservice/0.6.55-0ubuntu13.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Groovy-changes
mailing list