dbus 1.12.16-1 source package in Debian
Changelog
dbus (1.12.16-1) unstable; urgency=medium
* New upstream stable release
- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and
connect to a DBusServer with elevated privileges. The standard
system and session dbus-daemons in their default configuration were
immune to this attack because they did not allow DBUS_COOKIE_SHA1,
but third-party users of DBusServer such as Upstart could be
vulnerable.
-- Simon McVittie <email address hidden> Sun, 09 Jun 2019 21:34:34 +0100
Upload details
- Uploaded by:
- Utopia Maintenance Team
- Uploaded to:
- Sid
- Original maintainer:
- Utopia Maintenance Team
- Architectures:
- any all
- Section:
- admin
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| dbus_1.12.16-1.dsc | 3.7 KiB | 86a42029448c3ef881d351db0d298b2d6ecd260110e06b815b520eed63749749 |
| dbus_1.12.16.orig.tar.gz | 2.0 MiB | 54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80 |
| dbus_1.12.16.orig.tar.gz.asc | 833 bytes | 5906e4cb235e8a3a88f5f0566b7775b065dc3e14683c2c379af86b4f428042f9 |
| dbus_1.12.16-1.debian.tar.xz | 62.6 KiB | 61376d1420c56f81538bc3d5dc3492d9ee08714f69d0cbed804d28fc14421e1f |
No changes file available.
