[Pkg-utopia-maintainers] Bug#508032: Bug#508032: Security vulnerability in dbus

[Michael Biebl]

Patrick Schoenfeld wrote:
> Hi,
> 
> I saw that you made an upload for bug #503532 and #508032 to
> experimental. Now I wonder if you plan to make an upload to unstable
> suitable for lenny?

Just some pointers:

Fedora did an upload for their stable distribution, and they were burnt heavily
[1], so that they reverted the upload again [2].

Two much unrelated (D-Bus using) software was broken by this change. There is a
tracking bug, which tries to collect all affected software [3]. And we don't
know yet, if more stuff is broken.

The fallout of this change is significant.
With lenny being in deep freeze, it would be really hard to get all affected
packages fixed and it potentially delays the release even further.

If we try to address this bug for lenny, we would need a clear ack from the
release team.

There is a proposed new release of dbus [4], which will revert the policy
changes again but add improved logging, to allow it to easier identify which
software is affected.


Cheers,
Michael


[1] http://lists.freedesktop.org/archives/dbus/2008-December/010759.html
[2] https://www.redhat.com/archives/fedora-devel-list/2008-December/msg01445.html
[3] https://bugs.freedesktop.org/show_bug.cgi?id=18980
[4] http://lists.freedesktop.org/archives/dbus/2008-December/010769.html

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20081218/ee746fe1/attachment.pgp