Your message dated Sat, 10 Jan 2009 16:17:15 +0000
with message-id <e1llgwr-00060v...@ries.debian.org>
and subject line Bug#510744: fixed in system-tools-backends 2.6.0-2lenny1
has caused the Debian Bug report #510744,
regarding system-tools-backends: /etc/dbus-1/system.d file needs alterations
for fd.o #18961
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
510744: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510744
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: system-tools-backends
Version: 2.6.0-2
Severity: normal
User: pkg-utopia-maintain...@lists.alioth.debian.org
Usertags: fdo-18961 CVE-2008-4311
system-tools-backends's D-Bus system.d config doesn't seem to allow
introspection of the configuration modules. This used to be allowed by a
dbus-daemon bug that caused the default to be allow; we're now trying to
fix this.
However, the configuration modules don't actually seem to be intended to
be accessed except via the dispatcher, so this might be acceptable
(since the dispatcher doesn't call Introspect). As a result, I've only
filed this bug as normal, although I'll escalate it to serious if
testing with the default-deny version of D-Bus fails.
https://bugs.freedesktop.org/show_bug.cgi?id=18980 is an upstream tracking
bug for services with this problem.
As a related 'normal' bug which should be fixed at the same time, the config
file should also be updated to fix non-deterministic allow/deny
for messages with no interface; the D-Bus upstream recommendation seems to
be that every allow or deny rule with send_interface="..." should have a
suitable send_destination attribute too. It's unclear to me whether the
FooConfig modules are separate processes, or in-process with the main
daemon; if they're separate processes they'll each need a
send_destination rule.
http://bugs.freedesktop.org/show_bug.cgi?id=18961 is the D-Bus bug tracking
the send_interface issue, and there have also been discussions on the D-Bus
mailing list.
Regards from the Cambridge BSP,
Simon
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: system-tools-backends
Source-Version: 2.6.0-2lenny1
We believe that the bug you reported is fixed in the latest version of
system-tools-backends, which is due to be installed in the Debian FTP archive:
system-tools-backends-dev_2.6.0-2lenny1_all.deb
to
pool/main/s/system-tools-backends/system-tools-backends-dev_2.6.0-2lenny1_all.deb
system-tools-backends_2.6.0-2lenny1.diff.gz
to
pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny1.diff.gz
system-tools-backends_2.6.0-2lenny1.dsc
to pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny1.dsc
system-tools-backends_2.6.0-2lenny1_amd64.deb
to
pool/main/s/system-tools-backends/system-tools-backends_2.6.0-2lenny1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Josselin Mouette <j...@debian.org> (supplier of updated system-tools-backends
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 10 Jan 2009 16:50:01 +0100
Source: system-tools-backends
Binary: system-tools-backends system-tools-backends-dev
Architecture: source all amd64
Version: 2.6.0-2lenny1
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Garcia Sogo <js...@debian.org>
Changed-By: Josselin Mouette <j...@debian.org>
Description:
system-tools-backends - System Tools to manage computer configuration --
scripts
system-tools-backends-dev - System Tools to manage computer configuration --
development file
Closes: 510744
Changes:
system-tools-backends (2.6.0-2lenny1) unstable; urgency=low
.
[ Loic Minier ]
* Don't rm_conffile /etc/dbus-1/event.d/70system-tools-backends during first
configuration.
.
[ Josselin Mouette ]
* 05_cve_2008_4311.patch: new patch by Simon McVittie. Specify
permissions with send_destination instead of send_interface. Makes
backends work with the dbus packages fixing CVE-2008-4311.
Closes: #510744.
Checksums-Sha1:
5ea1eaa9a3de2fb5b5e77967ea83525c0b15d052 1444
system-tools-backends_2.6.0-2lenny1.dsc
a9e32d09dc05d2b5cd91856936960d3f0913390c 10125
system-tools-backends_2.6.0-2lenny1.diff.gz
9b10f181d8e988f1fb3a40d0f28ec0f1dd4ebfac 77146
system-tools-backends-dev_2.6.0-2lenny1_all.deb
b9278f7a220997f14e16d18dbea5deebad0ba019 176310
system-tools-backends_2.6.0-2lenny1_amd64.deb
Checksums-Sha256:
1aeb121ff6a1a29f30398ef1faa3c2d70913001473980850d01963aabb245ff3 1444
system-tools-backends_2.6.0-2lenny1.dsc
8f92fcefce91f0c0b8c530072701091d2bc5d9003a2bf0f0c769b2249a4186b0 10125
system-tools-backends_2.6.0-2lenny1.diff.gz
d7893ebeb915b8e27874fd275d73ffb61634cdd5b21977bae4e8d72897b33777 77146
system-tools-backends-dev_2.6.0-2lenny1_all.deb
9e6abcb364f77a28cd7aaf7e871b6ae6dc8f949a2f7efb1d7342fa3b84dd45e3 176310
system-tools-backends_2.6.0-2lenny1_amd64.deb
Files:
db92ce3400999b5950f22643a1d0a8f5 1444 admin optional
system-tools-backends_2.6.0-2lenny1.dsc
65b90e7ad57406a8686a92238173fcba 10125 admin optional
system-tools-backends_2.6.0-2lenny1.diff.gz
e3f173b0c43b005ffa3b9dfc3ad61dc7 77146 devel optional
system-tools-backends-dev_2.6.0-2lenny1_all.deb
ef90c912361ca033a43166dbcdd34c52 176310 admin optional
system-tools-backends_2.6.0-2lenny1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJaMcerSla4ddfhTMRAsC7AJ4se71UgkbixQJSNXSPYh06jQxQoQCeM/U/
UbXRZDjTSLyEUsjJSaTqGOY=
=njZe
-----END PGP SIGNATURE-----
--- End Message ---
