Your message dated Thu, 23 May 2013 11:04:08 +0000
with message-id <[email protected]>
and subject line Bug#703281: fixed in rygel 0.18.2-1
has caused the Debian Bug report #703281,
regarding rygel security issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
703281: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703281
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rygel
Version: 0.14.3-2
Severity: important
Dear Maintainer,
The current version of rygel which is part of Debian Wheezy contains a
possibly security issue:
When starting rygel preferences a second time (without having changed the
preferences) the sharing option is activated.
Therefore everyone starting rygel preferences for once, activates the uPnP
sharing function of all default folders (Music, Videos, Pictures)
unintentionally.
Considering the latest events with general uPnP security issues, this
might be a very serious security issue with might lead to compromising the
system.
I replicated the bug using Debian release candidate as well as even more
current versions. The gnome 3 fallback mode was used.
greetings
--- End Message ---
--- Begin Message ---
Source: rygel
Source-Version: 0.18.2-1
We believe that the bug you reported is fixed in the latest version of
rygel, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Henriksson <[email protected]> (supplier of updated rygel package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 18 May 2013 17:08:27 +0200
Source: rygel
Binary: rygel rygel-dbg rygel-2.0-dev librygel-core-2.0-1 librygel-server-2.0-1
librygel-renderer-2.0-1 librygel-renderer-gst-2.0-1 rygel-mediathek
rygel-tracker rygel-gst-renderer rygel-playbin rygel-gst-launch
rygel-preferences
Architecture: source amd64 all
Version: 0.18.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian Rygel Maintainers <[email protected]>
Changed-By: Andreas Henriksson <[email protected]>
Description:
librygel-core-2.0-1 - GNOME UPnP/DLNA services - core library
librygel-renderer-2.0-1 - GNOME UPnP/DLNA services - renderer library
librygel-renderer-gst-2.0-1 - GNOME UPnP/DLNA services - renderer library
librygel-server-2.0-1 - GNOME UPnP/DLNA services - server library
rygel - GNOME UPnP/DLNA services
rygel-2.0-dev - GNOME UPnP/DLNA services - plugin development files
rygel-dbg - GNOME UPnP/DLNA services
rygel-gst-launch - GNOME UPnP/DLNA services - gst-launch plugin
rygel-gst-renderer - transitional dummy package
rygel-mediathek - GNOME UPnP/DLNA services - Mediathek plugin
rygel-playbin - GNOME UPnP/DLNA services - GStreamer Media Renderer plugin
rygel-preferences - GNOME UPnP/DLNA services - preferences tool
rygel-tracker - GNOME UPnP/DLNA services - Tracker plugin
Closes: 703281
Changes:
rygel (0.18.2-1) unstable; urgency=low
.
* Imported Upstream version 0.18.2
- Includes "ui: Check that autostart file exists" (Closes: #703281)
* Revert "Add patch from upstream to work around vala bug causing ..."
- debian/patches/0001-engine-gst-Fix-obscure-test-failure.patch
- now included in upstream release.
* patch rygel-preferences to properly restore configured interface
- debian/patches/0001-ui-don-t-lose-the-interface-setting.patch
- see https://bugzilla.gnome.org/show_bug.cgi?id=700570
* Add alternative tracker-sparql 0.16 build-dependency
* Make rygel-playbin depend on gstreamer1.0-plugins-good.
Thanks to Jens Georg for finding and suggesting this.
Checksums-Sha1:
b183aa9a03550b4d1e499eda4ee65990e9fbdf36 2460 rygel_0.18.2-1.dsc
fe4373d40dd2ee521d1a02136650c9d519c1bcca 3132572 rygel_0.18.2.orig.tar.xz
d3b27427703d92a872c716b9b348d4bae0dbc994 11121 rygel_0.18.2-1.debian.tar.gz
4391eb35b774684be8864cd6392b7e161847c1e0 930594 rygel_0.18.2-1_amd64.deb
5e4e9e557376a6fdcbdea77b2331a6a015ba112a 3000630 rygel-dbg_0.18.2-1_amd64.deb
2659e3c38fe817154e787ebd94f574c1a7c19f75 620620
rygel-2.0-dev_0.18.2-1_amd64.deb
a811ca8a1abe2d3ea99f6173a73e3c5e6eaf2bcb 470454
librygel-core-2.0-1_0.18.2-1_amd64.deb
40e81945ee700910087a51c4f9ca604a0a39bb1c 600726
librygel-server-2.0-1_0.18.2-1_amd64.deb
8e127649b400dfa73b90bda6841df7bcc383edae 448618
librygel-renderer-2.0-1_0.18.2-1_amd64.deb
cf2794187be098e443503bddfc99bbd6bb9615e1 424974
librygel-renderer-gst-2.0-1_0.18.2-1_amd64.deb
1e50f3c5d4b884a855fb75826f3555b22b72fe8a 432378
rygel-mediathek_0.18.2-1_amd64.deb
d684a5cbef52fc037667c805fafbb4b3fc746b3b 474082
rygel-tracker_0.18.2-1_amd64.deb
3c6ffd4e421a3fbae1d873e4841082579190d7ce 411772
rygel-gst-renderer_0.18.2-1_all.deb
de4e34d49445285ce4d03d2ffcfaac43929a0008 415226
rygel-playbin_0.18.2-1_amd64.deb
b1057168d29fbdcd748e70f5b2b223658404c2f5 420062
rygel-gst-launch_0.18.2-1_amd64.deb
5065322f35c5cbcc628da34147e4a2048d13ca6c 439940
rygel-preferences_0.18.2-1_amd64.deb
Checksums-Sha256:
a2edb83c8244990a2361f89d24f66ae09e4283a4dc2c4d0a71f39b318a539397 2460
rygel_0.18.2-1.dsc
26dea444e69f68cec822e58080162d056528a518b9b155503016a19dda0b48a4 3132572
rygel_0.18.2.orig.tar.xz
b3f60d22c3cfdf90b4cd7da7378126d53626401870563e9d980dde817a7f4b4c 11121
rygel_0.18.2-1.debian.tar.gz
8b91d1b65bd613fc90108cb3c52851833289da088baac40282fadb3790bf626c 930594
rygel_0.18.2-1_amd64.deb
813d7786946257aa7116a93febb1a7a0cc0c909057b8013a4faddcb87fe9e4ce 3000630
rygel-dbg_0.18.2-1_amd64.deb
c9410a67914b3cbb95280a984fe186a040121e2892c542a8738c01ff8288a044 620620
rygel-2.0-dev_0.18.2-1_amd64.deb
ce26d4720e18b09edd0e6889731cd27fd7bdecf96699cda3393f14b01b53e026 470454
librygel-core-2.0-1_0.18.2-1_amd64.deb
f5e6e49f295d483ddee969911fedc9a6f09fae93f9da6e452239a95bdbb99b36 600726
librygel-server-2.0-1_0.18.2-1_amd64.deb
5efd4eb332045a4b6eabcf0e142a839995adc2953284e712bcbf202bbade9d17 448618
librygel-renderer-2.0-1_0.18.2-1_amd64.deb
de0c5f87e70d0d6a45e6a9009dc37dd3a69ddce232d90e37a21628fc49e91d04 424974
librygel-renderer-gst-2.0-1_0.18.2-1_amd64.deb
d97e5e9c8782670608b4c008ad9f8ca310323741088a453eb964550d0170d1ca 432378
rygel-mediathek_0.18.2-1_amd64.deb
d5814c0a141e5e30156079c4a5536a9060e9093747ee18fd61d8586d6abbf77b 474082
rygel-tracker_0.18.2-1_amd64.deb
fbe2f80e9ebfb10f8db8183f5a966fbf5bfdba1c27f4ac90a54b06e3ec76a940 411772
rygel-gst-renderer_0.18.2-1_all.deb
c6e298fc006aac048385374ad4ce5abf4f183fbe2970cfa6e5d1ac484f833995 415226
rygel-playbin_0.18.2-1_amd64.deb
236becb4001d2f8283176e621c3369fec772e068bdd0846add18673a4e6e5383 420062
rygel-gst-launch_0.18.2-1_amd64.deb
e132f0746d4e2a2a563e9545224402be68a1756dc533b090c01132aca9e2c818 439940
rygel-preferences_0.18.2-1_amd64.deb
Files:
44f9dc75b427a883c7276ed114a50c77 2460 net extra rygel_0.18.2-1.dsc
fd7bdb0562b82b1ed4ceb40e5fa89f6d 3132572 net extra rygel_0.18.2.orig.tar.xz
1031c75588e47dccfc34a501ea088432 11121 net extra rygel_0.18.2-1.debian.tar.gz
83df7c63e61639f91eb91655305f689d 930594 net extra rygel_0.18.2-1_amd64.deb
7de3ea7db0b5227f8582b0d63484de2c 3000630 debug extra
rygel-dbg_0.18.2-1_amd64.deb
b7444736dd21c1bb7dc5028dd3581061 620620 devel extra
rygel-2.0-dev_0.18.2-1_amd64.deb
7e4cfe67f55a16ab5de9e86e0a26ad90 470454 libs extra
librygel-core-2.0-1_0.18.2-1_amd64.deb
4c53852fe0c200cfc64e52a310937d92 600726 libs extra
librygel-server-2.0-1_0.18.2-1_amd64.deb
5bacde31d64f09e833502e9278cd3dbb 448618 libs extra
librygel-renderer-2.0-1_0.18.2-1_amd64.deb
23f4c540d1981f6c6fb6ec5ab4856d63 424974 libs extra
librygel-renderer-gst-2.0-1_0.18.2-1_amd64.deb
2a66cb7520885eb4e4ba0c959af78d5a 432378 net extra
rygel-mediathek_0.18.2-1_amd64.deb
16abb599bb506c63950262fe4b2321f4 474082 net extra
rygel-tracker_0.18.2-1_amd64.deb
94589d3c6f157b1f1132177bf0ae8d3e 411772 oldlibs extra
rygel-gst-renderer_0.18.2-1_all.deb
379d1e05e8451c641d1fa2af26ff36f7 415226 net extra
rygel-playbin_0.18.2-1_amd64.deb
c68eea5664cdfe008be0ab31e39821cd 420062 net extra
rygel-gst-launch_0.18.2-1_amd64.deb
dc1d0441bc942037476b695a45cb9222 439940 net extra
rygel-preferences_0.18.2-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlGd8xwACgkQcgQ2cL3l8e4tWACePLQO8qrpHCPeESQrBZ+hn6bh
B6MAoMa6CmJnYl12VufHPgkqfKu/Vb/q
=u8If
-----END PGP SIGNATURE-----
--- End Message ---
