[ubuntu/maverick-security] language-selector (delayed), language-selector 0.6.7 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Apr 19 18:03:25 UTC 2011


language-selector (0.6.7) maverick-security; urgency=low

  [ Kees Cook ]
  * SECURITY UPDATE: language selector backend did not verify policy kit
    authentication.
    - debian/language-selector-common.postinst: shut down old backend.
    - CVE-2011-0729

  [ Martin Pitt ]
  * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
    and only proceed if it succeeded. Thanks to Romain Perier for finding this
    and providing the patch! This fixes a local root privilege escalation, as
    this allows any authenticated user to write arbitrary shell commands into
    /etc/default/locale. (LP: #764397)
  * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
    in it, to further prevent injecting shell code into /etc/default/locale
    for authenticated users. Thanks to Felix Geyer for the initial patch!
    (LP: #764397)
  * debian/control: Update Vcs-Bzr: for newly created maverick branch.

Date: Tue, 19 Apr 2011 10:31:37 -0700
Changed-By: Kees Cook <kees at ubuntu.com>
Maintainer: Arne Goetje <arne at ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/language-selector/0.6.7
-------------- next part --------------
Format: 1.8
Date: Tue, 19 Apr 2011 10:31:37 -0700
Source: language-selector
Binary: language-selector language-selector-qt language-selector-common
Architecture: source
Version: 0.6.7
Distribution: maverick-security
Urgency: low
Maintainer: Arne Goetje <arne at ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 language-selector - Language selector for Ubuntu Linux
 language-selector-common - Language selector for Ubuntu Linux
 language-selector-qt - Language selector for Kubuntu Linux
Launchpad-Bugs-Fixed: 764397
Changes: 
 language-selector (0.6.7) maverick-security; urgency=low
 .
   [ Kees Cook ]
   * SECURITY UPDATE: language selector backend did not verify policy kit
     authentication.
     - debian/language-selector-common.postinst: shut down old backend.
     - CVE-2011-0729
 .
   [ Martin Pitt ]
   * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
     and only proceed if it succeeded. Thanks to Romain Perier for finding this
     and providing the patch! This fixes a local root privilege escalation, as
     this allows any authenticated user to write arbitrary shell commands into
     /etc/default/locale. (LP: #764397)
   * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
     in it, to further prevent injecting shell code into /etc/default/locale
     for authenticated users. Thanks to Felix Geyer for the initial patch!
     (LP: #764397)
   * debian/control: Update Vcs-Bzr: for newly created maverick branch.
Checksums-Sha1: 
 cc926ae87d05af33bc73d19c0e693b2655bb329c 1665 language-selector_0.6.7.dsc
 afc92f6c509bfed8c418f58518b0262407fdb172 326500 language-selector_0.6.7.tar.gz
Checksums-Sha256: 
 5671ed9f9edac5453f4afd599129bdbaccdc5826347adc819e19a832ac358c1d 1665 language-selector_0.6.7.dsc
 c973610902f9f36c7833580272e173d97920281f0fe07ff4a7372110be129cef 326500 language-selector_0.6.7.tar.gz
Files: 
 6da68bb3816029aed0cd78774e156be1 1665 admin optional language-selector_0.6.7.dsc
 a01efa5326a98d751d1838124f60d9e6 326500 admin optional language-selector_0.6.7.tar.gz


More information about the Maverick-changes mailing list