-
accountsservice (0.6.55-0ubuntu12~20.04.7) focal-security; urgency=medium
* SECURITY UPDATE: possible encrypted password disclosure
- debian/patches/CVE-2012-6655.patch: replace usermod -p with
chpasswd -e in src/user.c, src/util.c, src/util.h.
- CVE-2012-6655
-- Marc Deslauriers <email address hidden> Fri, 08 Mar 2024 12:25:40 -0500
-
accountsservice (0.6.55-0ubuntu12~20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free in user.c (LP: #2024182)
- debian/patches/0010-set-language.patch: updated to properly return
from functions after throw_error() has been called.
- CVE-2023-3297
-- Marc Deslauriers <email address hidden> Tue, 20 Jun 2023 07:26:26 -0400
-
accountsservice (0.6.55-0ubuntu12~20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: double-free in the SetLanguage D-Bus method
(LP: #1950149)
- debian/patches/0010-set-language.patch: updated to remove g_autofree
on result of user_get_fallback_value().
- CVE-2021-3939
* debian/patches/0010-set-language.patch: updated to fix minor memory
leaks by adding g_autofree to results of user_update_environment().
-- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 07:23:14 -0500
-
accountsservice (0.6.55-0ubuntu12~20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to not drop real uid
and real gid in user_drop_privileges_to_user.
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid.
- CVE-2020-16126
* SECURITY UPDATE: accountsservice .pam_environment infinite loop
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to use O_NOFOLLOW
and limit the number of lines read from file.
- CVE-2020-16127
-- Marc Deslauriers <email address hidden> Mon, 02 Nov 2020 12:03:54 -0500
-
accountsservice (0.6.55-0ubuntu12~20.04.2) focal; urgency=medium
* debian/patches/0010-set-language.patch:
- Don't dismiss C.UTF-8 as an invalid locale name (LP: #1873678)
-- Gunnar Hjalmarsson <email address hidden> Sat, 10 Oct 2020 21:31:00 +0200
-
accountsservice (0.6.55-0ubuntu12~20.04.1) focal; urgency=medium
* Backport from groovy to focal.
accountsservice (0.6.55-0ubuntu12) groovy; urgency=medium
* Cherry-pick from unstable.
* Add patch to not crash in the library when the daemon goes away
(Closes: #948228) (LP: #1843982)
-- Iain Lane <email address hidden> Tue, 05 May 2020 17:05:26 +0100
-
accountsservice (0.6.55-0ubuntu11) focal; urgency=medium
* debian/control:
- Dropped gnome-doc-utils from Build-Depends (removed from archive)
-- Gunnar Hjalmarsson <email address hidden> Mon, 30 Mar 2020 21:22:00 +0200
-
accountsservice (0.6.55-0ubuntu10) eoan; urgency=medium
* debian/patches/0010-set-language.patch:
- Make the Language and FormatsLocale properties in the keyfile be
in sync with ~/.pam_environment. In principle this restores the
behavior to the state before 0.6.50 (LP: #1842349).
* debian/patches/0016-add-input-sources-support.patch:
- Refreshed the src/user.c chunks.
-- Gunnar Hjalmarsson <email address hidden> Sun, 15 Sep 2019 02:45:00 +0200
