[ubuntu/natty] language-selector 0.33 (Accepted)

Tue Apr 19 18:27:00 UTC 2011

language-selector (0.33) natty; urgency=low

  * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
    and only proceed if it succeeded. Thanks to Romain Perier for finding this
    and providing the patch! This fixes a local root privilege escalation, as
    this allows any authenticated user to write arbitrary shell commands into
    /etc/default/locale. (LP: #764397) [CVE-2011-0729]
  * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
    in it, to further prevent injecting shell code into /etc/default/locale
    for authenticated users. Thanks to Felix Geyer for the initial patch!
    (LP: #764397)
  * dbus_backend/com.ubuntu.LanguageSelector.conf: Allow access to standard
    D-BUS introspection and properties interfaces. There's no reason to deny
    it, and it causes warnings.
  * debian/language-selector-common.postinst: Stop running D-BUS backend on
    upgrade.

Date: Tue, 19 Apr 2011 20:20:44 +0200
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/language-selector/0.33
-------------- next part --------------
Format: 1.8
Date: Tue, 19 Apr 2011 20:20:44 +0200
Source: language-selector
Binary: language-selector-gnome language-selector-kde language-selector-qt language-selector language-selector-common
Architecture: source
Version: 0.33
Distribution: natty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 language-selector - Language selector for Ubuntu (transitional package)
 language-selector-common - Language selector for Ubuntu Linux
 language-selector-gnome - Language selector for Ubuntu
 language-selector-kde - Language selector for Kubuntu
 language-selector-qt - Language selector for Kubuntu (transitional package)
Launchpad-Bugs-Fixed: 764397
Changes: 
 language-selector (0.33) natty; urgency=low
 .
   * dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
     and only proceed if it succeeded. Thanks to Romain Perier for finding this
     and providing the patch! This fixes a local root privilege escalation, as
     this allows any authenticated user to write arbitrary shell commands into
     /etc/default/locale. (LP: #764397) [CVE-2011-0729]
   * dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
     in it, to further prevent injecting shell code into /etc/default/locale
     for authenticated users. Thanks to Felix Geyer for the initial patch!
     (LP: #764397)
   * dbus_backend/com.ubuntu.LanguageSelector.conf: Allow access to standard
     D-BUS introspection and properties interfaces. There's no reason to deny
     it, and it causes warnings.
   * debian/language-selector-common.postinst: Stop running D-BUS backend on
     upgrade.
Checksums-Sha1: 
 bcb76c437528bb10b850e79619f795dd2cdfd830 1657 language-selector_0.33.dsc
 021b6d592d21ae2c00d6d329b8f51cdda3848c1b 333516 language-selector_0.33.tar.gz
Checksums-Sha256: 
 dc9f4cd3fc52601d5777dd3dc58a033c8abbca741687240e1d177e560d722677 1657 language-selector_0.33.dsc
 a77dee8af4e05ab778de3bf1227e028b793da9f0dbf26efd929b603cdb3116fe 333516 language-selector_0.33.tar.gz
Files: 
 cb8e4f44b020ed27cda02d31c4392ff0 1657 admin optional language-selector_0.33.dsc
 7b4e2aa6977df4da34e8f910b6747cc0 333516 admin optional language-selector_0.33.tar.gz