[SECURITY] [DSA 6209-1] xdg-dbus-proxy security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6209-1] xdg-dbus-proxy security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 13 Apr 2026 20:41:15 +0000
Message-id: <[🔎] ad1U62bpo0_t-Ug4@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6209-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 13, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xdg-dbus-proxy
CVE ID         : CVE-2026-34080

It was discovered that incorrect parsing of policy rules in the
xdg-dbus-proxy (a filtering proxy for D-Bus connections) allowed the
bypass of eavesdrop restrictions, which could result in information
disclosure.

For the stable distribution (trixie), this problem has been fixed in
version 0.1.6-1+deb13u1.

We recommend that you upgrade your xdg-dbus-proxy packages.

For the detailed security status of xdg-dbus-proxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xdg-dbus-proxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmndVDAACgkQEMKTtsN8
TjaPOg/8CHnhe62Ygsiut7Pkac6rdrgLCiqFtW0kVwMiOmdMsg6wXfAf63Bq5uaY
Ll2tMGLy45AnE2n7kPLA2Lx2rZ7N9vslHOdb+/n7IJ1Fjy3Jo1JfFXB7BSwsk06b
cMUdchBpQUhWWpQXee+ViooCjvoUU/WfJKAPlTFOsXFKr4VFnY0pRDcrpkTWNSkB
C/OblIsx0Hej39CFkN6KYFa9G5CODGa07SUXWGSKtp4+UCkBavxcG/+2N2ve78S5
l1rDgR5CJiQUjxn090/4tnBwsday2M1esxiFP9ih1lSXyaw38qoo1m7AYriWvHbO
g1Bgy7hsG6eZT3EAOW4VKALXwLKBlnlJNH5B3X/8GButN2mIvefd8Gv7nx+zabBI
HOW7Op4LG5of3g+l0r4As9oI0w/LH+VLN10R9urOQCDDN9pdu2U6dI9vg7qItBMU
S5ub00Svz7hG0qa/2IRwb9vMbjoV1PNu7V4KzXuFdDnGredZ8qBiRj9suy6tOd/r
kXj3AwMzfLTeZ/P7DKsYvAfA4agKL8qQAdyug6NlJ0BJxauPCzmVUS0ub0e0fyqx
x8IzuQSjgn5brpyqGxte3BBeVCCzmgbf9Vn+fO2IMM5qGTYRW/7bm5WnBZ9/t0Av
9Vlgp8fX26ef3wQ6W1+8oFhrweT0w/Q5lJDkqpQplKPhqRXSz04=
=r4lK
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6208-1] mediawiki security update
Next by Date: [SECURITY] [DSA 6210-1] imagemagick security update
Previous by thread: [SECURITY] [DSA 6208-1] mediawiki security update
Next by thread: [SECURITY] [DSA 6210-1] imagemagick security update
Index(es):
- Date
- Thread