-
accountsservice (0.6.55-0ubuntu14.1) impish-security; urgency=medium
* SECURITY UPDATE: double-free in the SetLanguage D-Bus method
(LP: #1950149)
- debian/patches/0010-set-language.patch: updated to remove g_autofree
on result of user_get_fallback_value().
- CVE-2021-3939
* debian/patches/0010-set-language.patch: updated to fix minor memory
leaks by adding g_autofree to results of user_update_environment().
-- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 07:19:41 -0500
-
accountsservice (0.6.55-0ubuntu14) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
-- Matthias Klose <email address hidden> Thu, 07 Oct 2021 12:29:08 +0200
-
accountsservice (0.6.55-0ubuntu13.2) groovy-security; urgency=medium
* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to not drop real uid
and real gid in user_drop_privileges_to_user.
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid.
- CVE-2020-16126
* SECURITY UPDATE: accountsservice .pam_environment infinite loop
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
and limit the number of lines read from file.
- CVE-2020-16127
-- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:02:46 -0500
