-
accountsservice (0.6.55-0ubuntu13.3) hirsute-security; urgency=medium
* SECURITY UPDATE: double-free in the SetLanguage D-Bus method
(LP: #1950149)
- debian/patches/0010-set-language.patch: updated to remove g_autofree
on result of user_get_fallback_value().
- CVE-2021-3939
* debian/patches/0010-set-language.patch: updated to fix minor memory
leaks by adding g_autofree to results of user_update_environment().
-- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 07:22:07 -0500
-
accountsservice (0.6.55-0ubuntu13.2) groovy-security; urgency=medium
* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to not drop real uid
and real gid in user_drop_privileges_to_user.
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid.
- CVE-2020-16126
* SECURITY UPDATE: accountsservice .pam_environment infinite loop
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
and limit the number of lines read from file.
- CVE-2020-16127
-- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:02:46 -0500
-
accountsservice (0.6.55-0ubuntu13) groovy; urgency=medium
* debian/patches/0010-set-language.patch:
- Don't dismiss C.UTF-8 as an invalid locale name (LP: #1873678)
-- Gunnar Hjalmarsson <email address hidden> Fri, 09 Oct 2020 15:08:15 +0200
