
Bug#593249: [CVE 2010-1172] unblock: dbus-glib/0.88-2



On Mon, 16 Aug 2010 at 20:10:37 +0200, Julien Cristau wrote:
> > Colin Walters has released dbus-glib 0.88, with a security fix for system-bus
> > services that use dbus-glib (CVE 2010-1172,
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592753, Red Hat #585394,
> > LP #616517).
> > 
> Please upload to sid.

Thanks. 0.88-2 is identical to -1, except for an extra changelog entry; I've
only set medium urgency, since the changes are substantial.

unblock dbus-glib/0.88-2

> > After uploading the version with the security fix, system services that are
> > vulnerable will need rebuilding against it. The new version of
> > dbus-binding-tool should arrange for the right data structures to appear,
> > without source changes.
> > 
> Can you give us the list of packages that need to be rebuilt against the
> new dbus-glib?

I don't have a comprehensive list at the moment. The initial batch (those that
were known-affected in Fedora) is:

nmu network-manager_0.8.1-2 modemmanager_0.4+git.20100624t180933.6e79d15-1 udisks_1.0.1+git20100614-1 . ALL . -m 'Rebuild for CVE-2010-1172, see #592753'
dw network-manager_0.8.1-2 modemmanager_0.4+git.20100624t180933.6e79d15-1 udisks_1.0.1+git20100614-1 . ALL . -m 'libdbus-glib-1-dev (>= 0.88-2)'

Those three are in sync in squeeze and sid already, so that's easy. I'll
follow up here if I can work out a script to find all the affected packages...

Regards,
    Simon


