Your message dated Sun, 04 Jan 2009 19:17:05 +0000
with message-id <e1ljytb-0000g0...@ries.debian.org>
and subject line Bug#510698: fixed in odccm 0.11.1-4
has caused the Debian Bug report #510698,
regarding odccm: DBus config file doesn't list all neccessary rules and will be
broken by the fix for 503532
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
510698: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510698
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: odccm
Version: 0.11.1-2
Severity: serious
Justification: Blocks the fix for CVE-2008-4311
The config file doesn't allow introspection, which is not enabled by
default, it was only working because off a bug in dbus. It's recommended
that you use send_destination to allow all messages to your service. In
addition, you should not use send_interface without send_destination.
It's likely that all these rules could just be collapsed to one
send_destination rule to solve both problems.
This is a blocker for the CVE, so please fix quickly.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-4-686 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: odccm
Source-Version: 0.11.1-4
We believe that the bug you reported is fixed in the latest version of
odccm, which is due to be installed in the Debian FTP archive:
odccm_0.11.1-4.diff.gz
to pool/main/o/odccm/odccm_0.11.1-4.diff.gz
odccm_0.11.1-4.dsc
to pool/main/o/odccm/odccm_0.11.1-4.dsc
odccm_0.11.1-4_i386.deb
to pool/main/o/odccm/odccm_0.11.1-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonny Lamb <jo...@debian.org> (supplier of updated odccm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 04 Jan 2009 18:58:29 +0000
Source: odccm
Binary: odccm
Architecture: source i386
Version: 0.11.1-4
Distribution: unstable
Urgency: high
Maintainer: Jonny Lamb <jo...@debian.org>
Changed-By: Jonny Lamb <jo...@debian.org>
Description:
odccm - Daemon to keep a connection to Windows Mobile device
Closes: 510698
Changes:
odccm (0.11.1-4) unstable; urgency=high
.
* debian/control: Added quilt Build-Dep.
* debian/rules: Added {,un}patch quilt target calls.
* debian/patches/: Added 01-fix-dbus-perms.diff to fix D-Bus system bus
permissions. (Closes: #510698)
Checksums-Sha1:
da653a42908095e1ab338632cb99886cbf9281b1 1220 odccm_0.11.1-4.dsc
0c6189a597bd9b719a4ebfa2bc54b2389b083fd0 4058 odccm_0.11.1-4.diff.gz
e77f136182fe5b927e1c502a605fc86d1311da5b 27034 odccm_0.11.1-4_i386.deb
Checksums-Sha256:
28dc27b74206efb473664811ae5d16f58ecf8d614dcb3edbbf8bfcef2dbff194 1220
odccm_0.11.1-4.dsc
4e29ea97c7f691aeada2902f99c2ee64ad1629882cbd7fd7675debc780502a11 4058
odccm_0.11.1-4.diff.gz
ef28d1a5f70291d64cd56769723b55c30ddf5220e7afe6f3a890dcf9f99d8dd2 27034
odccm_0.11.1-4_i386.deb
Files:
183b9ee9fd8ca84d922b3eebf5d0231f 1220 utils optional odccm_0.11.1-4.dsc
40b861c390ae368f9b38d91804ae681a 4058 utils optional odccm_0.11.1-4.diff.gz
c3b76fe88128d9d161f1cf22d272a36b 27034 utils optional odccm_0.11.1-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAklhB7oACgkQwYr7ny4DlAIYTACeNtHFp3iTAOheKZOdhzFJp1ok
4OsAoLyB71QhsmHbMkq7GF/INblkmqWC
=108C
-----END PGP SIGNATURE-----
--- End Message ---
