[ubuntu/hirsute-proposed] pulseaudio 1:13.99.3-1ubuntu2 (Accepted)

James Henstridge james.henstridge at canonical.com
Mon Nov 23 18:22:13 UTC 2020


pulseaudio (1:13.99.3-1ubuntu2) hirsute; urgency=medium

  * SECURITY UPDATE: don't rely on SCM_CREDENTIALS to detect snap confined
    clients (LP: #1895928)
    - d/p/0409-pa-client-peer-credentials.patch: drop patch
    - d/p/0409-fix-arg-parsing-after-async-hook.patch: remains of old 0409
      patch not related to pa_creds.
    - d/p/0410-pa-client-peer-apparmor-label.patch: new patch, records
      AppArmor label in pa_client struct for native connections using
      aa_getpeercon.
    - d/p/0702-add-snappy-policy-module.patch: use the AppArmor
      label in the pa_client rather than looking it up via the process ID
      from SCM_CREDENTIALS.
    - CVE-2020-16123
   * Don't block classic snaps from module loading/unloading (LP: #1886854)
    - d/p/0702-add-snappy-policy-module.patch: replace
      deny_to_snaps_hook with a version that allows classic snaps.

Date: Mon, 09 Nov 2020 22:43:42 -0500
Changed-By: James Henstridge <james.henstridge at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/pulseaudio/1:13.99.3-1ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 09 Nov 2020 22:43:42 -0500
Source: pulseaudio
Architecture: source
Version: 1:13.99.3-1ubuntu2
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: James Henstridge <james.henstridge at canonical.com>
Launchpad-Bugs-Fixed: 1886854 1895928
Changes:
 pulseaudio (1:13.99.3-1ubuntu2) hirsute; urgency=medium
 .
   * SECURITY UPDATE: don't rely on SCM_CREDENTIALS to detect snap confined
     clients (LP: #1895928)
     - d/p/0409-pa-client-peer-credentials.patch: drop patch
     - d/p/0409-fix-arg-parsing-after-async-hook.patch: remains of old 0409
       patch not related to pa_creds.
     - d/p/0410-pa-client-peer-apparmor-label.patch: new patch, records
       AppArmor label in pa_client struct for native connections using
       aa_getpeercon.
     - d/p/0702-add-snappy-policy-module.patch: use the AppArmor
       label in the pa_client rather than looking it up via the process ID
       from SCM_CREDENTIALS.
     - CVE-2020-16123
    * Don't block classic snaps from module loading/unloading (LP: #1886854)
     - d/p/0702-add-snappy-policy-module.patch: replace
       deny_to_snaps_hook with a version that allows classic snaps.
Checksums-Sha1:
 33dba4481d1de4791df544780582a4e5faa73a07 3848 pulseaudio_13.99.3-1ubuntu2.dsc
 81627ffcf531e1cc37a8604cf83aa5cb026423ab 94184 pulseaudio_13.99.3-1ubuntu2.debian.tar.xz
 e3d2d8c80ec04a23b84dcbe129dc500215c92cdb 18196 pulseaudio_13.99.3-1ubuntu2_source.buildinfo
Checksums-Sha256:
 34d453d7190bd886ca65250ec092624bf93211be155bc9a5500065b75d8f4e72 3848 pulseaudio_13.99.3-1ubuntu2.dsc
 0939798c874bb7180766b23798480ce6afedc81a2b8e9d98af1724811330f21f 94184 pulseaudio_13.99.3-1ubuntu2.debian.tar.xz
 de4afdcf142cb0247c7fd2e754626c56927d5e59022bce16fa5137bbae6e7419 18196 pulseaudio_13.99.3-1ubuntu2_source.buildinfo
Files:
 8bd151989c681b0c0fc6471f8765b135 3848 sound optional pulseaudio_13.99.3-1ubuntu2.dsc
 70d7dc4045540da8d5f326a7e8da0c03 94184 sound optional pulseaudio_13.99.3-1ubuntu2.debian.tar.xz
 37eddc3f4a3f1b49928af4d13d675c61 18196 sound optional pulseaudio_13.99.3-1ubuntu2_source.buildinfo
Original-Maintainer: Pulseaudio maintenance team <pkg-pulseaudio-devel at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl+7/JYACgkQZWnYVadE
vpMEgw/+LPYo6p4p7Z82nI7XuV43LKuW+t8O8qhuUEQAjRe78IPMgWmDGaAbeswC
LI7lTxb337RPd35mZ7+CbUp7MMb57VwMKoPx/4kQ4a2F1ibHPaGXyBkxdhZTMKwD
tckH8cWEbpPAAMEIoJAkCXmEixg7jWf9a3NRF/GfcTx+dMLByIYv/9z9WxMvh03N
QuKB6Va1/1Pc80SbRbZ9TzL/gt5nyZgPq7pgQxnwXVTO7bSJrXw6d5gvRngULYIA
rMQ7kigREez1iz2y2vu8J6KsFQLsB1YzasrJr692YNEnUDOWdj7x/E+LFNo5UhO/
oZCuVos4dvjkSmQaJLVXmuEW9ypZvU7R6g2GgqcpKae/gOGvDFXyNsSa+eBdXZTa
reiE73jF0ku8QJnhZPIw3tukWgyiTNGeA2S9+3vXH6np94TxLatZELbG/RafiT3r
hzYks9G0U+d6DMuNS3QPDnFc9aalmz1wLCQKBJnpRwxHyrg/vYLT5yD+tWDUx9t1
K976EPbMmFiUAWEZTnsYTg0JMH1pb83jEqDrlgg4c4IijuYinhBEwAxQShCvJE0F
8ISZhBcti5IKoevAFwHqk8DMNfN9dUstWYHB1YvQGT9TD/iQLHz7xUimjlEQHKx0
SlkjW04dvZtSKx86EklC6mL0NRrElD6fDYJ50CWqPJJyOM5VEFY=
=lyaH
-----END PGP SIGNATURE-----


More information about the Hirsute-changes mailing list