Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock packages:
 * fso-datad
 * fso-deviced
 * fso-frameworkd
 * fso-gsmd
 * fso-usaged
 * phonefsod

Reason:

Security update regarding the D-Bus configuration.

Debdiff:

I think it's pointless to include 6 almost identical debdiff files here.
The only change in each package is a new patch fixing the DBus
configuration. Here is the patch for fso-datad:

$ cat debian/patches/fix-dbus-permissions.patch
From: Sebastian Reichel <s...@debian.org>
Reported-By: Simon McVittie <simon.mcvit...@collabora.co.uk>
Last-Update: 2015-01-20
Description: Fix Security Problem in DBus Configuration
 Old configuration allows every local user to send arbitrary D-Bus
 messages to the path /org/freesmartphone/Framework on *any* D-Bus
 system service (rough HTTP analogy: send a POST to
 http://server/org/freesmartphone/Framework on any server).
Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2014-8156

Index: fso-datad/data/fsodatad.conf
===================================================================
--- fso-datad.orig/data/fsodatad.conf
+++ fso-datad/data/fsodatad.conf
@@ -3,8 +3,7 @@
 <busconfig>
     <policy context="default">
         <allow own="org.freesmartphone.odatad"/>
-        <allow send_path="/org/freesmartphone/Time"/>
-        <allow send_destination="org.freesmartphone.odatad"/>
+        <allow send_destination="org.freesmartphone.odatad" 
send_path="/org/freesmartphone/Time"/>
     </policy>
     <policy context="default">
         <allow send_interface="org.freedesktop.DBus.Introspectable"/>
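Review bot: the trailing context line `<allow send_interface="org.freedesktop.DBus.Introspectable"/>` in the second default policy still carries no send_destination, so it matches Introspectable calls to any service on the system bus, the same unscoped pattern this hunk removes for send_path; consider adding send_destination="org.freesmartphone.odatad" to it as well. The retained `<allow own="org.freesmartphone.odatad"/>` also sits under context="default", which lets any local user claim the name; a policy scoped to the user the daemon runs as would be tighter. The Description names /org/freesmartphone/Framework while this hunk changes /org/freesmartphone/Time, so the per-package patch header should state the path that actually applies.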

Commands:

unblock fso-datad/0.12.0-3
unblock fso-deviced/0.12.0-5
unblock fso-frameworkd/0.9.5.9+git20110512-5
unblock fso-gsmd/0.12.0-4
unblock fso-usaged/0.12.0-3
unblock phonefsod/0.1+git20121018-2
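
The flaw described in the patch header, an `<allow>` rule that names a path or interface but no `send_destination`, can be checked for mechanically in any D-Bus policy file. The following is an added example, not part of the original report or of the FSO packages; the function name is hypothetical, and the two sample configurations are reconstructed from the fso-datad hunk with the closing tags assumed.

```python
import xml.etree.ElementTree as ET

# <allow> attributes that restrict what is sent, but not which service receives it.
SEND_MATCHES = ("send_path", "send_interface", "send_member", "send_type", "send_error")

def unscoped_send_rules(busconfig_xml):
    """Return (policy scope, rule attributes) for every <allow> send rule that
    has no send_destination and therefore matches any service on the bus."""
    findings = []
    for policy in ET.fromstring(busconfig_xml).iter("policy"):
        # context=, user= or group= decides which callers the policy applies to.
        scope = ", ".join(f"{k}={v}" for k, v in sorted(policy.attrib.items()))
        for rule in policy.findall("allow"):
            narrows = [a for a in SEND_MATCHES if a in rule.attrib]
            if narrows and "send_destination" not in rule.attrib:
                findings.append((scope, dict(rule.attrib)))
    return findings

# Constructed from the fso-datad hunk; the closing tags after the hunk's last
# context line are an assumption.
TEMPLATE = """<busconfig>
    <policy context="default">
        <allow own="org.freesmartphone.odatad"/>
{rules}
    </policy>
    <policy context="default">
        <allow send_interface="org.freedesktop.DBus.Introspectable"/>
    </policy>
</busconfig>"""

BEFORE = TEMPLATE.format(rules=(
    '        <allow send_path="/org/freesmartphone/Time"/>\n'
    '        <allow send_destination="org.freesmartphone.odatad"/>'))
AFTER = TEMPLATE.format(rules=(
    '        <allow send_destination="org.freesmartphone.odatad"'
    ' send_path="/org/freesmartphone/Time"/>'))

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for scope, attrs in unscoped_send_rules(conf):
            print(f"{label}: policy[{scope}] allows {attrs} to any destination")
```

The check only looks at `<allow>` rules; a matching `<deny>` elsewhere in the bus configuration could still override what it reports.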

