[ubuntu/natty] language-selector 0.33 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Tue Apr 19 18:27:00 UTC 2011
language-selector (0.33) natty; urgency=low
* dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
and only proceed if it succeeded. Thanks to Romain Perier for finding this
and providing the patch! This fixes a local root privilege escalation, as
this allows any authenticated user to write arbitrary shell commands into
/etc/default/locale. (LP: #764397) [CVE-2011-0729]
* dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
in it, to further prevent injecting shell code into /etc/default/locale
for authenticated users. Thanks to Felix Geyer for the initial patch!
(LP: #764397)
* dbus_backend/com.ubuntu.LanguageSelector.conf: Allow access to standard
D-BUS introspection and properties interfaces. There's no reason to deny
it, and it causes warnings.
* debian/language-selector-common.postinst: Stop running D-BUS backend on
upgrade.
Date: Tue, 19 Apr 2011 20:20:44 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/language-selector/0.33
-------------- next part --------------
Format: 1.8
Date: Tue, 19 Apr 2011 20:20:44 +0200
Source: language-selector
Binary: language-selector-gnome language-selector-kde language-selector-qt language-selector language-selector-common
Architecture: source
Version: 0.33
Distribution: natty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
language-selector - Language selector for Ubuntu (transitional package)
language-selector-common - Language selector for Ubuntu Linux
language-selector-gnome - Language selector for Ubuntu
language-selector-kde - Language selector for Kubuntu
language-selector-qt - Language selector for Kubuntu (transitional package)
Launchpad-Bugs-Fixed: 764397
Changes:
language-selector (0.33) natty; urgency=low
.
* dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
and only proceed if it succeeded. Thanks to Romain Perier for finding this
and providing the patch! This fixes a local root privilege escalation, as
this allows any authenticated user to write arbitrary shell commands into
/etc/default/locale. (LP: #764397) [CVE-2011-0729]
* dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
in it, to further prevent injecting shell code into /etc/default/locale
for authenticated users. Thanks to Felix Geyer for the initial patch!
(LP: #764397)
* dbus_backend/com.ubuntu.LanguageSelector.conf: Allow access to standard
D-BUS introspection and properties interfaces. There's no reason to deny
it, and it causes warnings.
* debian/language-selector-common.postinst: Stop running D-BUS backend on
upgrade.
Checksums-Sha1:
bcb76c437528bb10b850e79619f795dd2cdfd830 1657 language-selector_0.33.dsc
021b6d592d21ae2c00d6d329b8f51cdda3848c1b 333516 language-selector_0.33.tar.gz
Checksums-Sha256:
dc9f4cd3fc52601d5777dd3dc58a033c8abbca741687240e1d177e560d722677 1657 language-selector_0.33.dsc
a77dee8af4e05ab778de3bf1227e028b793da9f0dbf26efd929b603cdb3116fe 333516 language-selector_0.33.tar.gz
Files:
cb8e4f44b020ed27cda02d31c4392ff0 1657 admin optional language-selector_0.33.dsc
7b4e2aa6977df4da34e8f910b6747cc0 333516 admin optional language-selector_0.33.tar.gz
More information about the Natty-changes
mailing list