Your message dated Sat, 18 Apr 2026 15:20:43 +0000
with message-id <[email protected]>
and subject line Bug#1132939: fixed in xdg-dbus-proxy 0.1.6-1+deb13u1
has caused the Debian Bug report #1132939,
regarding CVE-2026-34080: Eavesdrop filter bypass allows message interception
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1132939: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132939
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xdg-dbus-proxy
Version: 0.1.0-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <[email protected]>
Control: fixed -1 0.1.7-1
Forwarded: https://github.com/flatpak/xdg-dbus-proxy/security/advisories/GHSA-vjp5-hjfm-7677

xdg-dbus-proxy older than 0.1.7 does not detect all legacy eavesdropping 
match rules. A malicious or compromised Flatpak app could use this to 
spy on D-Bus message bus traffic that the app was not meant to be able 
to see.

For testing/unstable, this is fixed in xdg-dbus-proxy 0.1.7.

For trixie or older, we'll need a backport of upstream commit
<https://github.com/flatpak/xdg-dbus-proxy/commit/4d0d1d74d4f40260a79161163b4b2f7276bce0b0>,
or a backport of the full 0.1.7 upstream release (which seems to be
bugfix-only).

    smcv

--- End Message ---
--- Begin Message ---
Source: xdg-dbus-proxy
Source-Version: 0.1.6-1+deb13u1
Done: Simon McVittie <[email protected]>

We believe that the bug you reported is fixed in the latest version of
xdg-dbus-proxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <[email protected]> (supplier of updated xdg-dbus-proxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 10 Apr 2026 23:59:07 BST
Source: xdg-dbus-proxy
Architecture: source
Version: 0.1.6-1+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Simon McVittie <[email protected]>
Closes: 1132939
Changes:
 xdg-dbus-proxy (0.1.6-1+deb13u1) trixie-security; urgency=high
 .
   * d/gbp.conf: Configure for trixie
   * d/p/Improve-detection-of-eavesdrop-true.patch:
     Fix detection of eavesdrop=true match rules, resolving a vulnerability
     in which a malicious or compromised Flatpak app could monitor D-Bus
     traffic that it was not intended to be able to access.
     (CVE-2026-34080) (Closes: #1132939)

-----BEGIN PGP SIGNATURE-----
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=inYT
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers