Your message dated Sun, 21 Feb 2016 10:49:21 +0000 with message-id <20160221104921.GL6200@betterave.cristau.org> and subject line Re: Bug#776617: wheezy-pu: fso stack has caused the Debian Bug report #776617, regarding wheezy-pu: fso stack to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 776617: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776617 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: wheezy-pu: fso stack
- From: Sebastian Reichel <sre@debian.org>
- Date: Fri, 30 Jan 2015 01:43:16 +0100
- Message-id: <20150130004316.11780.18429.reportbug@earth.universe>
Package: release.debian.org Severity: normal Tags: wheezy User: release.debian.org@packages.debian.org Usertags: pu Hi, I just requested unblocking of the fso stack for unstable -> testing migration. I also prepared fixed packages for wheezy and the security team send me here. This is the debdiff for the proposed stable updates: === debdiff fso-datad_0.11.0-1.dsc fso-datad_0.11.0-1+deb7u1.dsc === diff -Nru fso-datad-0.11.0/debian/changelog fso-datad-0.11.0/debian/changelog --- fso-datad-0.11.0/debian/changelog 2012-05-26 10:29:47.000000000 +0200 +++ fso-datad-0.11.0/debian/changelog 2015-01-28 00:18:22.000000000 +0100 @@ -1,3 +1,9 @@ +fso-datad (0.11.0-1+deb7u1) wheezy-security; urgency=high + + * Fix DBus permissions (Closes: CVE-2014-8156) + + -- Sebastian Reichel <sre@debian.org> Wed, 28 Jan 2015 00:04:16 +0100 + fso-datad (0.11.0-1) unstable; urgency=low * New upstream release diff -Nru fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch --- fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ fso-datad-0.11.0/debian/patches/fix-dbus-permissions.patch 2015-01-28 00:15:03.000000000 +0100 @@ -0,0 +1,24 @@ +From: Sebastian Reichel <sre@debian.org> +Reported-By: Simon McVittie <simon.mcvittie@collabora.co.uk> +Last-Update: 2015-01-20 +Description: Fix Security Problem in DBus Configuration + Old configuration allows every local user to send arbitrary D-Bus + messages to the path /org/freesmartphone/Framework on *any* D-Bus + system service (rough HTTP analogy: send a POST to + http://server/org/freesmartphone/Framework on any server). +Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156 + +Index: fso-datad/data/fsodatad.conf +=================================================================== +--- fso-datad.orig/data/fsodatad.conf ++++ fso-datad/data/fsodatad.conf +@@ -3,8 +3,7 @@ + <busconfig> + <policy context="default"> + <allow own="org.freesmartphone.odatad"/> +- <allow send_path="/org/freesmartphone/Time"/> +- <allow send_destination="org.freesmartphone.odatad"/> ++ <allow send_destination="org.freesmartphone.odatad" send_path="/org/freesmartphone/Time"/> + </policy> + <policy context="default"> + <allow send_interface="org.freedesktop.DBus.Introspectable"/> diff -Nru fso-datad-0.11.0/debian/patches/series fso-datad-0.11.0/debian/patches/series --- fso-datad-0.11.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ fso-datad-0.11.0/debian/patches/series 2015-01-28 00:15:24.000000000 +0100 @@ -0,0 +1 @@ +fix-dbus-permissions.patch === debdiff fso-deviced_0.11.4-1.dsc fso-deviced_0.11.4-1+deb7u1.dsc === diff -Nru fso-deviced-0.11.4/debian/changelog fso-deviced-0.11.4/debian/changelog --- fso-deviced-0.11.4/debian/changelog 2012-06-01 07:00:15.000000000 +0200 +++ fso-deviced-0.11.4/debian/changelog 2015-01-28 01:17:12.000000000 +0100 @@ -1,3 +1,9 @@ +fso-deviced (0.11.4-1+deb7u1) wheezy-security; urgency=high + + * Fix DBus permissions (Closes: CVE-2014-8156) + + -- Sebastian Reichel <sre@debian.org> Wed, 28 Jan 2015 00:40:54 +0100 + fso-deviced (0.11.4-1) unstable; urgency=low * New upstream release diff -Nru fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch --- fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ fso-deviced-0.11.4/debian/patches/fix-dbus-permissions.patch 2015-01-28 00:40:03.000000000 +0100 @@ -0,0 +1,24 @@ +From: Sebastian Reichel <sre@debian.org> +Reported-By: Simon McVittie <simon.mcvittie@collabora.co.uk> +Last-Update: 2015-01-20 +Description: Fix Security Problem in DBus Configuration + Old configuration allows every local user to send arbitrary D-Bus + messages to the path /org/freesmartphone/Framework on *any* D-Bus + system service (rough HTTP analogy: send a POST to + http://server/org/freesmartphone/Framework on any server). +Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156 + +Index: fso-deviced/data/fsodeviced.conf +=================================================================== +--- fso-deviced.orig/data/fsodeviced.conf ++++ fso-deviced/data/fsodeviced.conf +@@ -3,8 +3,7 @@ + <busconfig> + <policy context="default"> + <allow own="org.freesmartphone.odeviced"/> +- <allow send_path="/org/freesmartphone/Device"/> +- <allow send_destination="org.freesmartphone.odeviced"/> ++ <allow send_destination="org.freesmartphone.odeviced" send_path="/org/freesmartphone/Device"/> + </policy> + <policy context="default"> + <allow send_interface="org.freedesktop.DBus.Introspectable"/> diff -Nru fso-deviced-0.11.4/debian/patches/series fso-deviced-0.11.4/debian/patches/series --- fso-deviced-0.11.4/debian/patches/series 2012-06-01 07:00:15.000000000 +0200 +++ fso-deviced-0.11.4/debian/patches/series 2015-01-28 00:40:13.000000000 +0100 @@ -1 +1,2 @@ openmoko-wifi-2.6.39.patch +fix-dbus-permissions.patch === debdiff fso-frameworkd_0.9.5.9+git20110512-4.dsc fso-frameworkd_0.9.5.9+git20110512-4+deb7u1.dsc === diff -Nru fso-frameworkd-0.9.5.9+git20110512/debian/changelog fso-frameworkd-0.9.5.9+git20110512/debian/changelog --- fso-frameworkd-0.9.5.9+git20110512/debian/changelog 2012-03-28 05:04:21.000000000 +0200 +++ fso-frameworkd-0.9.5.9+git20110512/debian/changelog 2015-01-28 01:05:39.000000000 +0100 @@ -1,3 +1,9 @@ +fso-frameworkd (0.9.5.9+git20110512-4+deb7u1) wheezy-security; urgency=high + + * Fix DBus permissions (Closes: CVE-2014-8156) + + -- Sebastian Reichel <sre@debian.org> Wed, 28 Jan 2015 00:59:39 +0100 + fso-frameworkd (0.9.5.9+git20110512-4) unstable; urgency=low * make fso-frameworkd-gta01 and fso-frameworkd-gta02 armel only, diff -Nru fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch --- fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch1970-01-01 01:00:00.000000000 +0100 +++ fso-frameworkd-0.9.5.9+git20110512/debian/patches/fix-dbus-permissions.patch2015-01-28 00:57:48.000000000 +0100 @@ -0,0 +1,96 @@ +From: Sebastian Reichel <sre@debian.org> +Reported-By: Simon McVittie <simon.mcvittie@collabora.co.uk> +Last-Update: 2015-01-20 +Description: Fix Security Problem in DBus Configuration + Old configuration allows every local user to send arbitrary D-Bus + messages to the path /org/freesmartphone/Framework on *any* D-Bus + system service (rough HTTP analogy: send a POST to + http://server/org/freesmartphone/Framework on any server). +Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156 + +Index: fso-frameworkd/etc/dbus-1/system.d/frameworkd.conf +=================================================================== +--- fso-frameworkd.orig/etc/dbus-1/system.d/frameworkd.conf ++++ fso-frameworkd/etc/dbus-1/system.d/frameworkd.conf +@@ -3,70 +3,57 @@ + <busconfig> + <policy context="default"> + <allow own="org.freesmartphone.testing"/> +- <allow send_path="/org/freesmartphone/testing"/> +- <allow send_destination="org.freesmartphone.testing"/> ++ <allow send_destination="org.freesmartphone.testing" send_path="/org/freesmartphone/testing"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.onetworkd"/> +- <allow send_path="/org/freesmartphone.onetworkd"/> +- <allow send_destination="org.freesmartphone.onetwork"/> ++ <allow send_destination="org.freesmartphone.onetwork" send_path="/org/freesmartphone.onetworkd"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.frameworkd"/> +- <allow send_path="/org/freesmartphone/Framework"/> +- <allow send_destination="org.freesmartphone.frameworkd"/> ++ <allow send_destination="org.freesmartphone.frameworkd" send_path="/org/freesmartphone/Framework"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.odeviced"/> +- <allow send_path="/"/> + <allow send_destination="org.freesmartphone.odeviced"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.oeventsd"/> +- <allow send_path="/org/freesmartphone/Events"/> +- <allow send_destination="org.freesmartphone.oeventsd"/> ++ <allow send_destination="org.freesmartphone.oeventsd" send_path="/org/freesmartphone/Events"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.ousaged"/> +- <allow send_path="/org/freesmartphone/Usage"/> +- <allow send_destination="org.freesmartphone.ousaged"/> ++ <allow send_destination="org.freesmartphone.ousaged" send_path="/org/freesmartphone/Usage"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.ogsmd"/> +- <allow send_path="/org/freesmartphone/GSM"/> +- <allow send_destination="org.freesmartphone.ogsmd"/> ++ <allow send_destination="org.freesmartphone.ogsmd" send_path="/org/freesmartphone/GSM"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.ogpsd"/> + <allow own="org.freedesktop.Gypsy"/> +- <allow send_path="/org/freedesktop/Gypsy"/> + <allow send_destination="org.freesmartphone.ogpsd"/> + <allow send_destination="org.freedesktop.gypsy"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.opreferencesd"/> +- <allow send_path="/org/freesmartphone/Preferences"/> +- <allow send_destination="org.freesmartphone.opreferencesd"/> ++ <allow send_destination="org.freesmartphone.opreferencesd" send_path="/org/freesmartphone/Preferences"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.ophoned"/> +- <allow send_path="/org/freesmartphone/Phone"/> +- <allow send_destination="org.freesmartphone.ophoned"/> ++ <allow send_destination="org.freesmartphone.ophoned" send_path="/org/freesmartphone/Phone"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.opimd"/> +- <allow send_path="/org/freesmartphone/PIM"/> +- <allow send_destination="org.freesmartphone.opimd"/> ++ <allow send_destination="org.freesmartphone.opimd" send_path="/org/freesmartphone/PIM"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.otimed"/> +- <allow send_path="/org/freesmartphone/Time"/> +- <allow send_destination="org.freesmartphone.otimed"/> ++ <allow send_destination="org.freesmartphone.otimed" send_path="/org/freesmartphone/Time"/> + </policy> + <policy context="default"> + <allow own="org.freesmartphone.omuxerd"/> +- <allow send_path="/org/freesmartphone/GSM/Muxer"/> +- <allow send_destination="org.freesmartphone.omuxerd"/> ++ <allow send_destination="org.freesmartphone.omuxerd" send_path="/org/freesmartphone/GSM/Muxer"/> + <allow send_interface="org.freesmartphone.GSM.MUX"/> + </policy> + <policy context="default"> diff -Nru fso-frameworkd-0.9.5.9+git20110512/debian/patches/series fso-frameworkd-0.9.5.9+git20110512/debian/patches/series --- fso-frameworkd-0.9.5.9+git20110512/debian/patches/series 2012-03-28 05:04:21.000000000 +0200 +++ fso-frameworkd-0.9.5.9+git20110512/debian/patches/series 2015-01-28 00:58:07.000000000 +0100 @@ -1,3 +1,4 @@ fix-setup.py fix-ogpsd.patch fix-message-notfication.patch +fix-dbus-permissions.patch === debdiff fso-gsmd_0.11.3-2.dsc fso-gsmd_0.11.3-2+deb7u1.dsc === diff -Nru fso-gsmd-0.11.3/debian/changelog fso-gsmd-0.11.3/debian/changelog --- fso-gsmd-0.11.3/debian/changelog 2012-06-27 02:41:45.000000000 +0200 +++ fso-gsmd-0.11.3/debian/changelog 2015-01-28 01:11:10.000000000 +0100 @@ -1,3 +1,9 @@ +fso-gsmd (0.11.3-2+deb7u1) wheezy-security; urgency=high + + * Fix DBus permissions (Closes: CVE-2014-8156) + + -- Sebastian Reichel <sre@debian.org> Wed, 28 Jan 2015 01:04:52 +0100 + fso-gsmd (0.11.3-2) unstable; urgency=low * fso-gsmd 0.11.3 requires libgsm0710mux 0.11.2 diff -Nru fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch --- fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ fso-gsmd-0.11.3/debian/patches/fix-dbus-permissions.patch 2015-01-28 01:06:55.000000000 +0100 @@ -0,0 +1,24 @@ +From: Sebastian Reichel <sre@debian.org> +Reported-By: Simon McVittie <simon.mcvittie@collabora.co.uk> +Last-Update: 2015-01-20 +Description: Fix Security Problem in DBus Configuration + Old configuration allows every local user to send arbitrary D-Bus + messages to the path /org/freesmartphone/Framework on *any* D-Bus + system service (rough HTTP analogy: send a POST to + http://server/org/freesmartphone/Framework on any server). +Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156 + +Index: fso-gsmd/data/fsogsmd.conf +=================================================================== +--- fso-gsmd.orig/data/fsogsmd.conf ++++ fso-gsmd/data/fsogsmd.conf +@@ -3,8 +3,7 @@ + <busconfig> + <policy context="default"> + <allow own="org.freesmartphone.ogsmd"/> +- <allow send_path="/org/freesmartphone/GSM"/> +- <allow send_destination="org.freesmartphone.ogsmd"/> ++ <allow send_destination="org.freesmartphone.ogsmd" send_path="/org/freesmartphone/GSM"/> + </policy> + <policy context="default"> + <allow send_interface="org.freedesktop.DBus.Introspectable"/> diff -Nru fso-gsmd-0.11.3/debian/patches/series fso-gsmd-0.11.3/debian/patches/series --- fso-gsmd-0.11.3/debian/patches/series 2012-06-27 02:41:45.000000000 +0200 +++ fso-gsmd-0.11.3/debian/patches/series 2015-01-28 01:07:02.000000000 +0100 @@ -2,3 +2,4 @@ phonebook-storage-dir.patch sms-storage-dir.patch fix-pkglibdir.patch +fix-dbus-permissions.patch === debdiff fso-usaged_0.11.0-1.dsc fso-usaged_0.11.0-1+deb7u1.dsc === diff -Nru fso-usaged-0.11.0/debian/changelog fso-usaged-0.11.0/debian/changelog --- fso-usaged-0.11.0/debian/changelog 2012-05-26 11:44:02.000000000 +0200 +++ fso-usaged-0.11.0/debian/changelog 2015-01-28 01:09:39.000000000 +0100 @@ -1,3 +1,9 @@ +fso-usaged (0.11.0-1+deb7u1) wheezy-security; urgency=high + + * Fix DBus permissions (Closes: CVE-2014-8156) + + -- Sebastian Reichel <sre@debian.org> Wed, 28 Jan 2015 01:08:45 +0100 + fso-usaged (0.11.0-1) unstable; urgency=low * New upstream release diff -Nru fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch --- fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ fso-usaged-0.11.0/debian/patches/fix-dbus-permissions.patch 2015-01-28 01:10:04.000000000 +0100 @@ -0,0 +1,24 @@ +From: Sebastian Reichel <sre@debian.org> +Reported-By: Simon McVittie <simon.mcvittie@collabora.co.uk> +Last-Update: 2015-01-20 +Description: Fix Security Problem in DBus Configuration + Old configuration allows every local user to send arbitrary D-Bus + messages to the path /org/freesmartphone/Framework on *any* D-Bus + system service (rough HTTP analogy: send a POST to + http://server/org/freesmartphone/Framework on any server). +Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156 + +Index: fso-usaged/data/fsousaged.conf +=================================================================== +--- fso-usaged.orig/data/fsousaged.conf ++++ fso-usaged/data/fsousaged.conf +@@ -3,8 +3,7 @@ + <busconfig> + <policy context="default"> + <allow own="org.freesmartphone.ousaged"/> +- <allow send_path="/org/freesmartphone/Usage"/> +- <allow send_destination="org.freesmartphone.ousaged"/> ++ <allow send_destination="org.freesmartphone.ousaged" send_path="/org/freesmartphone/Usage"/> + </policy> + <policy context="default"> + <allow send_interface="org.freedesktop.DBus.Introspectable"/> diff -Nru fso-usaged-0.11.0/debian/patches/series fso-usaged-0.11.0/debian/patches/series --- fso-usaged-0.11.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ fso-usaged-0.11.0/debian/patches/series 2015-01-28 01:10:11.000000000 +0100 @@ -0,0 +1 @@ +fix-dbus-permissions.patch === debdiff phonefsod_0.1+git20110827-3.dsc phonefsod_0.1+git20110827-3+deb7u1.dsc === diff -Nru phonefsod-0.1+git20110827/debian/changelog phonefsod-0.1+git20110827/debian/changelog --- phonefsod-0.1+git20110827/debian/changelog 2012-03-30 01:53:42.000000000 +0200 +++ phonefsod-0.1+git20110827/debian/changelog 2015-01-28 01:12:26.000000000 +0100 @@ -1,3 +1,9 @@ +phonefsod (0.1+git20110827-3+deb7u1) wheezy-security; urgency=high + + * Fix DBus permissions (Closes: CVE-2014-8156) + + -- Sebastian Reichel <sre@debian.org> Wed, 28 Jan 2015 01:12:08 +0100 + phonefsod (0.1+git20110827-3) unstable; urgency=low * Fix #665595 diff -Nru phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch --- phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch 1970-01-01 01:00:00.000000000 +0100 +++ phonefsod-0.1+git20110827/debian/patches/fix-dbus-permissions.patch 2015-01-28 01:12:43.000000000 +0100 @@ -0,0 +1,24 @@ +From: Sebastian Reichel <sre@debian.org> +Reported-By: Simon McVittie <simon.mcvittie@collabora.co.uk> +Last-Update: 2015-01-20 +Description: Fix Security Problem in DBus Configuration + Old configuration allows every local user to send arbitrary D-Bus + messages to the path /org/freesmartphone/Framework on *any* D-Bus + system service (rough HTTP analogy: send a POST to + http://server/org/freesmartphone/Framework on any server). +Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156 + +Index: phonefsod/data/dbus-1/phonefsod.conf +=================================================================== +--- phonefsod.orig/data/dbus-1/phonefsod.conf ++++ phonefsod/data/dbus-1/phonefsod.conf +@@ -1,8 +1,7 @@ + <busconfig> + <policy user="root"> + <allow own="org.shr.phonefso"/> +- <allow send_path="/org/shr/phonefso/Usage"/> +- <allow send_destination="org.shr.phonefso"/> ++ <allow send_destination="org.shr.phonefso" send_path="/org/shr/phonefso/Usage"/> + <allow receive_sender="org.shr.phonefso"/> + </policy> + </busconfig> diff -Nru phonefsod-0.1+git20110827/debian/patches/series phonefsod-0.1+git20110827/debian/patches/series --- phonefsod-0.1+git20110827/debian/patches/series 2012-03-30 01:53:42.000000000 +0200 +++ phonefsod-0.1+git20110827/debian/patches/series 2015-01-28 01:12:52.000000000 +0100 @@ -1,3 +1,4 @@ no-output-before-daemonization.patch fix-ld-as-needed.patch remove-invidiual-glib-header-includes.patch +fix-dbus-permissions.patch diff -Nru phonefsod-0.1+git20110827/debian/phonefsod.conf phonefsod-0.1+git20110827/debian/phonefsod.conf --- phonefsod-0.1+git20110827/debian/phonefsod.conf 2012-03-30 01:53:42.000000000 +0200 +++ phonefsod-0.1+git20110827/debian/phonefsod.conf 2015-01-28 01:13:16.000000000 +0100 @@ -4,8 +4,7 @@ </policy> <policy context="default"> - <allow send_path="/org/shr/phonefso/Usage"/> - <allow send_destination="org.shr.phonefso"/> + <allow send_destination="org.shr.phonefso" send_path="/org/shr/phonefso/Usage"/> <allow receive_sender="org.shr.phonefso"/> </policy> </busconfig>
--- End Message ---
--- Begin Message ---
- To: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 776617-done@bugs.debian.org
- Cc: Sebastian Reichel <sre@debian.org>
- Subject: Re: Bug#776617: wheezy-pu: fso stack
- From: Julien Cristau <jcristau@debian.org>
- Date: Sun, 21 Feb 2016 10:49:21 +0000
- Message-id: <20160221104921.GL6200@betterave.cristau.org>
- In-reply-to: <1440168452.13537.14.camel@adam-barratt.org.uk>
- References: <20150130004316.11780.18429.reportbug@earth.universe> <1429978501.18212.21.camel@adam-barratt.org.uk> <1440168452.13537.14.camel@adam-barratt.org.uk>
On Fri, Aug 21, 2015 at 15:47:32 +0100, Adam D. Barratt wrote: > On Sat, 2015-04-25 at 17:15 +0100, Adam D. Barratt wrote: > > Control: tags -1 + confirmed > > > > Apologies for managing to overlook this when you filed it. > > > > On Fri, 2015-01-30 at 01:43 +0100, Sebastian Reichel wrote: > > > I just requested unblocking of the fso stack for unstable -> testing > > > migration. I also prepared fixed packages for wheezy and the security > > > team send me here. > > > > > > This is the debdiff for the proposed stable updates: > > > > > > === debdiff fso-datad_0.11.0-1.dsc fso-datad_0.11.0-1+deb7u1.dsc === > > > > > > diff -Nru fso-datad-0.11.0/debian/changelog fso-datad-0.11.0/debian/changelog > > > --- fso-datad-0.11.0/debian/changelog 2012-05-26 10:29:47.000000000 +0200 > > > +++ fso-datad-0.11.0/debian/changelog 2015-01-28 00:18:22.000000000 +0100 > > > @@ -1,3 +1,9 @@ > > > +fso-datad (0.11.0-1+deb7u1) wheezy-security; urgency=high > > > + > > > + * Fix DBus permissions (Closes: CVE-2014-8156) > > > > With s/-security//g in each of the new changelog stanzas, please go > > ahead; thanks. > > Ping? > No response or upload since August, closing. Cheers, JulienAttachment: signature.asc
Description: PGP signature
--- End Message ---