Your message dated Sun, 11 Jan 2009 17:47:08 +0000
with message-id <e1lm4oy-0005uk...@ries.debian.org>
and subject line Bug#510709: fixed in smart-notifier 0.28-1.1
has caused the Debian Bug report #510709,
regarding smart-notifier: /etc/dbus-1/system.d file needs alterations for fd.o
#18961
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
510709: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510709
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: smart-notifier
Version: 0.28-1
Severity: normal
User: pkg-utopia-maintain...@lists.alioth.debian.org
Usertags: fdo-18961
smart-notifier's D-Bus system.d config should be updated to fix
non-deterministic allow/deny for messages with no interface; the D-Bus
upstream recommendation seems to be that every allow or deny rule with
send_interface="..." should have a suitable send_destination attribute too.
http://bugs.freedesktop.org/show_bug.cgi?id=18961 is the D-Bus bug tracking
this; there have also been discussions on the D-Bus mailing list.
Please test the resulting package against the updated dbus package from
http://people.debian.org/~smcv/dbus-cve-2008-4311/ (you might be better
off waiting until hal's current RC bug has been fixed before you upgrade);
as far as I can tell, it *should* be OK with deny-by-default, but it
might not be.
Regards from the Cambridge BSP,
Simon
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: smart-notifier
Source-Version: 0.28-1.1
We believe that the bug you reported is fixed in the latest version of
smart-notifier, which is due to be installed in the Debian FTP archive:
smart-notifier_0.28-1.1.diff.gz
to pool/main/s/smart-notifier/smart-notifier_0.28-1.1.diff.gz
smart-notifier_0.28-1.1.dsc
to pool/main/s/smart-notifier/smart-notifier_0.28-1.1.dsc
smart-notifier_0.28-1.1_all.deb
to pool/main/s/smart-notifier/smart-notifier_0.28-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 510...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated smart-notifier package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 11 Jan 2009 17:21:30 +0000
Source: smart-notifier
Binary: smart-notifier
Architecture: source all
Version: 0.28-1.1
Distribution: unstable
Urgency: medium
Maintainer: Brian Sutherland <ji...@web.de>
Changed-By: Simon McVittie <s...@debian.org>
Description:
smart-notifier - graphical hard disk health status notifier
Closes: 507490 510709
Changes:
smart-notifier (0.28-1.1) unstable; urgency=medium
.
* Non-maintainer upload while dealing with D-Bus' CVE-2008-4311.
* Audit the D-Bus security policy file for compatibility with D-Bus versions
where CVE-2008-4311 has been fixed, and remove rules that appear to have
been cargo-culted from some other package and are likely to cause
unintended consequences for other packages (see freedesktop.org #18961).
* Only display the SMART message if it came from the part of smart_notifier
that only root can run, rather than allowing arbitrary local users to
spoof arbitrary messages from smartd. (Closes: #510709)
* Use the default Python version, and install version-independent modules
once, rather than once per supported Python version. Not RC, but I couldn't
bring myself to upload it without fixing this. (Closes: #507490)
Checksums-Sha1:
42209dbc8f4a4893093a42fda54a4b39061e8755 1078 smart-notifier_0.28-1.1.dsc
bf900e631bc212c74475cd5fa420e3dfcf72bba0 2172 smart-notifier_0.28-1.1.diff.gz
f611e7678f984dcf8e535c3ba9509988d3d03f3f 10888 smart-notifier_0.28-1.1_all.deb
Checksums-Sha256:
fcc44a32627829f9e35d07bfcc093b4bb2ea0b831ea75e9ce2e3299e99e0736c 1078
smart-notifier_0.28-1.1.dsc
f7743155c52994ce4e2c5fff7bb51b451db1cecfa3a1f088bcfc06eb1b14b0be 2172
smart-notifier_0.28-1.1.diff.gz
f85bdc23c6fb4cd437e266bfd945336e48099a2ec9565cafeeb6d130cc86b9a3 10888
smart-notifier_0.28-1.1_all.deb
Files:
96343df92315c2b9d4f6108ec77a9f24 1078 utils optional
smart-notifier_0.28-1.1.dsc
6e52841c6467d028ffbba3cdcb98433c 2172 utils optional
smart-notifier_0.28-1.1.diff.gz
b05f428237b9af03edb618bfd77e82a6 10888 utils optional
smart-notifier_0.28-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
iD8DBQFJaixsWSc8zVUw7HYRAkPmAKCP2cMeNE3+loUGRTqHHnQ5c6u3uwCgnQs5
EF+yyKea8zYzO2LmcLtAb0U=
=bSja
-----END PGP SIGNATURE-----
--- End Message ---
