Ubuntu
dbus package

  1. Bug #1644323
  2. Comment #24

Comment 24 for bug 1644323

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package dbus - 1.10.6-1ubuntu3.4

---------------
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:06:01 -0400