Accepted dbus 1.2.1-5+lenny1 (source all i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 18 Jun 2009 06:12:34 +0200
Source: dbus
Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev
Architecture: source all i386
Version: 1.2.1-5+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
dbus - simple interprocess messaging system
dbus-1-doc - simple interprocess messaging system (documentation)
dbus-x11 - simple interprocess messaging system (X11 deps)
libdbus-1-3 - simple interprocess messaging system
libdbus-1-dev - simple interprocess messaging system (development headers)
Closes: 532720
Changes:
dbus (1.2.1-5+lenny1) stable-security; urgency=high
.
* debian/patches/52-CVE-2009-1189.patch
- Security: The _dbus_validate_signature_with_reason function
(dbus-marshal-validate.c) uses incorrect logic to validate a basic type,
which allows remote attackers to spoof a signature via a crafted key.
NOTE: this is due to an incorrect fix for CVE-2008-3834
Closes: #532720
Fixes: CVE-2009-1189
* Urgency high for the security fix.
Checksums-Sha1:
cb786094e2c5f84f8debd3f3689502ff47dbb415 1608 dbus_1.2.1-5+lenny1.dsc
2c5b38d51b486e0143faf7749d298e07a8c71223 1406833 dbus_1.2.1.orig.tar.gz
00c1dca59e66dc869d7fda75f3966faefe65e3a7 39470 dbus_1.2.1-5+lenny1.diff.gz
d91d2bbb214b730ecbe1cd4723f0f2abea81c334 1830232 dbus-1-doc_1.2.1-5+lenny1_all.deb
f49025e8f7037851ddaa977e0e958a64600fd6a6 230180 dbus_1.2.1-5+lenny1_i386.deb
3d60281a46b9c81d7641c8b483801e6ac14e9c0f 64064 dbus-x11_1.2.1-5+lenny1_i386.deb
914731485a0c002bc7d10764ac5d8929a7aad8fa 148370 libdbus-1-3_1.2.1-5+lenny1_i386.deb
1e887a4570b976a994fad61a5356cd1b4ff39df2 235620 libdbus-1-dev_1.2.1-5+lenny1_i386.deb
Checksums-Sha256:
e87773cd23970ba061e1293a50f8984dae5b1f353143bd758f56b8a61b6b1778 1608 dbus_1.2.1-5+lenny1.dsc
8016540602189e1dca6aca6b7c0735706387e4f85ced75217c6a874980fd0e86 1406833 dbus_1.2.1.orig.tar.gz
b8808ce29aac824b69a0e80870970415820520e754fc1ff0a25b0b3d892df5db 39470 dbus_1.2.1-5+lenny1.diff.gz
cf29d785b4cb4f6830dab13b8adc2611424f35821f313214b427fd79a8e88b2d 1830232 dbus-1-doc_1.2.1-5+lenny1_all.deb
d974b3d263993fd96a920404c8d144fc7f72ce7fe884d23a78de28780cf23b55 230180 dbus_1.2.1-5+lenny1_i386.deb
0f9ad985e7019072770652b51e104fd96375302e39260b8e73474d0437cf95cb 64064 dbus-x11_1.2.1-5+lenny1_i386.deb
3a9714642675aad7b1bc4178a09e00aa1ff825ab08e3921ee0e2e4870d874d74 148370 libdbus-1-3_1.2.1-5+lenny1_i386.deb
63c61f6f7c737867d81193693a452f94989bd4bb08e55f5a21ad51e1dd6c7d31 235620 libdbus-1-dev_1.2.1-5+lenny1_i386.deb
Files:
e084fe269b41c84cdeaafae2b2633e9f 1608 devel optional dbus_1.2.1-5+lenny1.dsc
b57aa1ba0834cbbb1e7502dc2cbfacc2 1406833 devel optional dbus_1.2.1.orig.tar.gz
6b875822ae5036ba8bf83f2fae11fbf0 39470 devel optional dbus_1.2.1-5+lenny1.diff.gz
317e72d84e019f0006d84e9579fa4b66 1830232 doc optional dbus-1-doc_1.2.1-5+lenny1_all.deb
7ca48ece6eb966598f45394fa6f61ecb 230180 devel optional dbus_1.2.1-5+lenny1_i386.deb
64e2b9c17836231e7abc0aff34690001 64064 x11 optional dbus-x11_1.2.1-5+lenny1_i386.deb
a6fef063aace9660fcd7b518a1658299 148370 libs optional libdbus-1-3_1.2.1-5+lenny1_i386.deb
ac4307dc10c03340beeb13eefac1f600 235620 libdevel optional libdbus-1-dev_1.2.1-5+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpD8WoACgkQh7PER70FhVTGXgCffMJZNkChf5Ao5UCvaIMQ6b2/
MgIAn3sWIsIH19vnNh/64OaGNVIK93Gr
=2R2o
-----END PGP SIGNATURE-----
Accepted:
dbus-1-doc_1.2.1-5+lenny1_all.deb
to pool/main/d/dbus/dbus-1-doc_1.2.1-5+lenny1_all.deb
dbus-x11_1.2.1-5+lenny1_i386.deb
to pool/main/d/dbus/dbus-x11_1.2.1-5+lenny1_i386.deb
dbus_1.2.1-5+lenny1.diff.gz
to pool/main/d/dbus/dbus_1.2.1-5+lenny1.diff.gz
dbus_1.2.1-5+lenny1.dsc
to pool/main/d/dbus/dbus_1.2.1-5+lenny1.dsc
dbus_1.2.1-5+lenny1_i386.deb
to pool/main/d/dbus/dbus_1.2.1-5+lenny1_i386.deb
libdbus-1-3_1.2.1-5+lenny1_i386.deb
to pool/main/d/dbus/libdbus-1-3_1.2.1-5+lenny1_i386.deb
libdbus-1-dev_1.2.1-5+lenny1_i386.deb
to pool/main/d/dbus/libdbus-1-dev_1.2.1-5+lenny1_i386.deb
Reply to: