Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package dbus-glib to fix CVE-2013-0292 (#700638): unblock dbus-glib/0.100.1-1 I did a new upstream release with only the necessary change. Source debdiff (with most of the autoreconf filtered out) follows. Regards, S diffstat for dbus-glib-0.100 dbus-glib-0.100.1 configure.ac | 2 +- dbus/dbus-gproxy.c | 7 ++++--- debian/changelog | 8 ++++++++ doc/reference/html/dbus-glib.devhelp2 | 2 +- doc/reference/version.xml | 2 +- 5 files changed, 15 insertions(+), 6 deletions(-) diff -Nru --exclude '*.html' --exclude aclocal.m4 --exclude configure --exclude ltmain.sh --exclude libtool.m4 --exclude Makefile.in dbus-glib-0.100/configure.ac dbus-glib-0.100.1/configure.ac --- dbus-glib-0.100/configure.ac 2012-06-25 17:26:39.000000000 +0100 +++ dbus-glib-0.100.1/configure.ac 2013-02-15 16:59:23.000000000 +0000 @@ -1,7 +1,7 @@ dnl -*- mode: m4 -*- AC_PREREQ(2.52) -AC_INIT([dbus-glib], [0.100], +AC_INIT([dbus-glib], [0.100.1], [https://bugs.freedesktop.org/enter_bug.cgi?product=dbus&component=GLib]) AC_CANONICAL_HOST diff -Nru --exclude '*.html' --exclude aclocal.m4 --exclude configure --exclude ltmain.sh --exclude libtool.m4 --exclude Makefile.in dbus-glib-0.100/dbus/dbus-gproxy.c dbus-glib-0.100.1/dbus/dbus-gproxy.c --- dbus-glib-0.100/dbus/dbus-gproxy.c 2012-06-25 17:18:59.000000000 +0100 +++ dbus-glib-0.100.1/dbus/dbus-gproxy.c 2013-02-15 16:58:42.000000000 +0000 @@ -1250,8 +1250,11 @@ GSList *tmp; const char *sender; + sender = dbus_message_get_sender (message); + /* First we handle NameOwnerChanged internally */ - if (dbus_message_is_signal (message, + if (g_strcmp0 (sender, DBUS_SERVICE_DBUS) == 0 && + dbus_message_is_signal (message, DBUS_INTERFACE_DBUS, "NameOwnerChanged")) { 
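Review bot: The comment above the new `if` in dbus/dbus-gproxy.c still reads only `/* First we handle NameOwnerChanged internally */`, so nothing marks the added `g_strcmp0 (sender, DBUS_SERVICE_DBUS) == 0` test as a trust boundary that a later cleanup must not drop. I would replace it with `/* Only the bus daemon may report name ownership changes; a NameOwnerChanged from any other sender is not handled here. */`. The check is only as strong as the sender field, which the message bus fills in; on a connection with no bus daemon that presumably does not hold, and the comment could say so. No test for a NameOwnerChanged arriving from a non-bus sender is visible in this debdiff, and one would pin the fix. The enclosing function starts and ends outside the hunk.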
@@ -1280,8 +1283,6 @@ } } - sender = dbus_message_get_sender (message); - /* dbus spec requires these, libdbus validates */ g_assert (dbus_message_get_path (message) != NULL); g_assert (dbus_message_get_interface (message) != NULL); diff -Nru --exclude '*.html' --exclude aclocal.m4 --exclude configure --exclude ltmain.sh --exclude libtool.m4 --exclude Makefile.in dbus-glib-0.100/debian/changelog dbus-glib-0.100.1/debian/changelog --- dbus-glib-0.100/debian/changelog 2012-06-25 18:25:33.000000000 +0100 +++ dbus-glib-0.100.1/debian/changelog 2013-02-15 17:15:32.000000000 +0000 @@ -1,3 +1,11 @@ +dbus-glib (0.100.1-1) unstable; urgency=high + + * New upstream security release + - fixes insufficient checking leading to authentication bypass in + pam_fprintd (CVE-2013-0292) + + -- Simon McVittie <s...@debian.org> Fri, 15 Feb 2013 17:03:52 +0000 + dbus-glib (0.100-1) unstable; urgency=low * Update dbus-daemon introspection (from dbus 1.6.2) diff -Nru --exclude '*.html' --exclude aclocal.m4 --exclude configure --exclude ltmain.sh --exclude libtool.m4 --exclude Makefile.in dbus-glib-0.100/doc/reference/html/dbus-glib.devhelp2 dbus-glib-0.100.1/doc/reference/html/dbus-glib.devhelp2 --- dbus-glib-0.100/doc/reference/html/dbus-glib.devhelp2 2012-06-25 18:23:51.000000000 +0100 +++ dbus-glib-0.100.1/doc/reference/html/dbus-glib.devhelp2 2013-02-15 16:59:59.000000000 +0000 
@@ -77,6 +77,6 @@ <keyword type="function" name="dbus_message_get_g_type ()" link="dbus-glib-dbus-glib-lowlevel.html#dbus-message-get-g-type"/> <keyword type="function" name="dbus_server_setup_with_g_main ()" link="dbus-glib-dbus-glib-lowlevel.html#dbus-server-setup-with-g-main"/> <keyword type="function" name="dbus_set_g_error ()" link="dbus-glib-dbus-glib-lowlevel.html#dbus-set-g-error"/> - <keyword type="" name="Options" link="dbus-binding-tool.html#idp5167568"/> + <keyword type="" name="Options" link="dbus-binding-tool.html#idp5277936"/> </functions> </book> diff -Nru --exclude '*.html' --exclude aclocal.m4 --exclude configure --exclude ltmain.sh --exclude libtool.m4 --exclude Makefile.in dbus-glib-0.100/doc/reference/version.xml dbus-glib-0.100.1/doc/reference/version.xml --- dbus-glib-0.100/doc/reference/version.xml 2012-06-25 17:26:56.000000000 +0100 +++ dbus-glib-0.100.1/doc/reference/version.xml 2013-02-15 16:59:56.000000000 +0000 @@ -1 +1 @@ -0.100 +0.100.1 -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130215181408.ga22...@reptile.pseudorandom.co.uk