[ubuntu/vivid-proposed] dbus 1.8.8-2ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Nov 27 16:11:14 UTC 2014 

dbus (1.8.8-2ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

Date: Tue, 25 Nov 2014 14:22:42 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/dbus/1.8.8-2ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 25 Nov 2014 14:22:42 -0500
Source: dbus
Binary: dbus dbus-udeb dbus-x11 libdbus-1-3 libdbus-1-3-udeb dbus-1-doc libdbus-1-dev dbus-1-dbg
Architecture: source
Version: 1.8.8-2ubuntu2
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 dbus       - simple interprocess messaging system (daemon and utilities)
 dbus-1-dbg - simple interprocess messaging system (debug symbols)
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus-udeb  - simple interprocess messaging system (minimal runtime) (udeb)
 dbus-x11   - simple interprocess messaging system (X11 deps)
 libdbus-1-3 - simple interprocess messaging system (library)
 libdbus-1-3-udeb - simple interprocess messaging system (minimal library) (udeb)
 libdbus-1-dev - simple interprocess messaging system (development headers)
Changes:
 dbus (1.8.8-2ubuntu2) vivid; urgency=medium
 .
   * SECURITY UPDATE: denial of service via large number of fds
     - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
       activated services in bus/activation.c, bus/bus.*,
       dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
       dbus/dbus-sysdeps.h.
     - debian/dbus.init: don't launch daemon as a user so the rlimit can be
       raised.
     - CVE-2014-7824
   * SECURITY REGRESSION: authentication timeout on certain slower systems
     - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
       back up to 30 secs in bus/config-parser.c, add a warning to
       bus/connection.c.
     - CVE-2014-3639
Checksums-Sha1:
 5b3b6eaec049aa77f02e37d1d33bc1986f2d409d 2961 dbus_1.8.8-2ubuntu2.dsc
 832b8f37d329b9c87728efe88a7aa4c2d82e4b89 63460 dbus_1.8.8-2ubuntu2.debian.tar.xz
Checksums-Sha256:
 1b32906e023b29051bcbafcff8a3723a2962f28139e907b3f6cb820d4018e790 2961 dbus_1.8.8-2ubuntu2.dsc
 a2682739fce08214fd18eab49b8faf74f336ed9355d283b80aa80608f0a6da62 63460 dbus_1.8.8-2ubuntu2.debian.tar.xz
Files:
 cdb274f3e82520ee61da9da438995637 2961 admin optional dbus_1.8.8-2ubuntu2.dsc
 61c73c70f8252bbe51ef813ad399af6f 63460 admin optional dbus_1.8.8-2ubuntu2.debian.tar.xz
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJUd0yWAAoJEGVp2FWnRL6T9+gP/0oUQd0WELWWtZJB4dJW5+MW
A/Et1Yz7zECjI8ilTmVl6Y0D+E/CmX5wKtDcW0x8TpiaB1siQTCwtXPY1dlrvgBT
iLvv+M0gtZRM5twYEHNOrubafbN2kTClEQVASnLzb+rlj5pm1254yOY1HeqXrr74
qPWaBBSsXHu4+wi72Enln8Z1pb8AysXsDLq4hHm7hdzhMX2UXKLLJxse8htyZaB2
DpRiZgCGlss5qjQ+/w8eKei6vjHY7X/Wrvk0tEgH6sc4fEakcKaT1TRAXSieAsvF
9XdVZsMhLXAmfZXZ94HlKqZo2rKTRoYS2oYivJUXNFj88ER/337AM/ZETum+0I7J
JY1SGI5QQTEaBv7OKu50OeL8JXvbTCGbV/ZYIxN0Nd3GGrDgCxeZKdvmKL1X49xk
YETI9Dbj6dvZaRgNgF2hi4vLTCPVFXJN9a+6Ey0q3ItbCsHTn82h7p/KbVKY9l5S
fOH6V5iecUtWwJqaoF2nDyxrjfkF3n571N93P55t1kVWSx4S87Xzh3GvfcwV5KYh
mqJp03a59/CTcxJbDSbAE7+5T4EDa/ks2KRTk/TaO6ngcHPQBeIIPXh9ICVRD+mt
ipUy4/hPVujNIZRQvI/lDmA+FSVFS0WeVs4jZioywvekZfpWx73A0EEpaFK0utAl
dgEja8V7+PZvGYFP8e32
=vLuS
-----END PGP SIGNATURE-----

More information about the Vivid-changes mailing list