[ubuntu/maverick-security] acpid 1.0.10-5ubuntu4.4 (Accepted)

Tyler Hicks tyhicks at canonical.com
Thu Dec 8 23:05:15 UTC 2011 

acpid (1.0.10-5ubuntu4.4) maverick-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution in the power button handling
    script (LP: #893821)
    - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
      variable is only read from a process owned by the user that will be
      evaluating the variable.
    - CVE-2011-2777
  * SECURITY UPDATE: Unprivileged users may be able to write to directories
    and read files created by event handler scripts
    - event.c: Set a restrictive umask of 0077 before running an event handler
      script. Based on upstream patch.
    - CVE-2011-4578

Date: Wed, 07 Dec 2011 16:35:34 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/acpid/1.0.10-5ubuntu4.4
-------------- next part --------------
Format: 1.8
Date: Wed, 07 Dec 2011 16:35:34 -0600
Source: acpid
Binary: acpid
Architecture: source
Version: 1.0.10-5ubuntu4.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 acpid      - Advanced Configuration and Power Interface event daemon
Launchpad-Bugs-Fixed: 893821
Changes: 
 acpid (1.0.10-5ubuntu4.4) maverick-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution in the power button handling
     script (LP: #893821)
     - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
       variable is only read from a process owned by the user that will be
       evaluating the variable.
     - CVE-2011-2777
   * SECURITY UPDATE: Unprivileged users may be able to write to directories
     and read files created by event handler scripts
     - event.c: Set a restrictive umask of 0077 before running an event handler
       script. Based on upstream patch.
     - CVE-2011-4578
Checksums-Sha1: 
 7e44512532f04cdfaabc8d594f58109d26fb309d 2048 acpid_1.0.10-5ubuntu4.4.dsc
 7968e37b5a71f4f56a437eed61375453e51037e7 43079 acpid_1.0.10-5ubuntu4.4.diff.gz
Checksums-Sha256: 
 398b734956946146c779d058edb5322cb45f431d0f4bf0fb07f24d97a787867d 2048 acpid_1.0.10-5ubuntu4.4.dsc
 31705fb1ce9a5fb2ada3e9cbb1003ca0c04e458c3974c9e499b4c33e6f4d54ba 43079 acpid_1.0.10-5ubuntu4.4.diff.gz
Files: 
 3804af730e7f6617b15153becf0e5942 2048 admin optional acpid_1.0.10-5ubuntu4.4.dsc
 5c24026adf8e185bf07f518f025f141a 43079 admin optional acpid_1.0.10-5ubuntu4.4.diff.gz
Original-Maintainer: Debian Acpi Team <pkg-acpi-devel at lists.alioth.debian.org>

More information about the Maverick-changes mailing list