[Pkg-utopia-maintainers] Bug#700638: CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1

Simon McVittie smcv at debian.org
Fri Feb 15 18:25:39 UTC 2013


found 700638 0.88-2.1
thanks

On 15/02/13 17:44, Simon McVittie wrote:
> pam_fprintd is not present in stable or oldstable, but I'll check whether
> this bug was present in those versions of dbus-glib, in case there are other
> exploitation vectors.

I can confirm that this bug is present in the version of dbus-glib in
squeeze, and that cherry-picking upstream commit 166978a09cf fixes it.

In the packaging used in squeeze, this should be as simple as the
attached debdiff (built but (so far) untested, I'll test it on a squeeze
machine this evening).

Security team: what do you want me to do about this? Should I upload
0.88-2.1+squeeze1 to security-master, or go through the SPU process, or
do you want to handle it?

Thanks,
    S
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-glib_0.88-2.1+squeeze1.diff
Type: text/x-patch
Size: 3017 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20130215/70d5a9a1/attachment.bin>

