[ubuntu/xenial-updates] dbus 1.10.6-1ubuntu3.4 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Jun 11 16:58:13 UTC 2019
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
Date: 2019-06-10 19:41:12.626700+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/dbus/1.10.6-1ubuntu3.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list