Your message dated Tue, 10 Jul 2012 16:02:11 +0000
with message-id <e1soct9-0002rr...@franck.debian.org>
and subject line Bug#679429: fixed in accountsservice 0.6.21-6
has caused the Debian Bug report #679429,
regarding CVE-2012-2737 - accountsservice information leak bug
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
679429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679429
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: accountsservice
Severity: critical
Tags: patch security
See attached email: there’s a security issue in accountsservice that
allows to leak any file from the system.
https://bugzilla.redhat.com/show_bug.cgi?id=832532 has details and a
fix.
--
.''`. Josselin Mouette
: :' :
`. `'
`-
--- Begin Message ---
Hi,
There was a new accountsservice release today to deal with a local
file disclosure security issue (CVE-2012-2737)
See http://seclists.org/oss-sec/2012/q2/569 for more details.
--Ray
_______________________________________________
distributor-list mailing list
distributor-l...@gnome.org
https://mail.gnome.org/mailman/listinfo/distributor-list
--- End Message ---
--- End Message ---
--- Begin Message ---
Source: accountsservice
Source-Version: 0.6.21-6
We believe that the bug you reported is fixed in the latest version of
accountsservice, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alessio Treglia <ales...@debian.org> (supplier of updated accountsservice
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Jul 2012 17:04:54 +0200
Source: accountsservice
Binary: accountsservice libaccountsservice0 libaccountsservice-dev
gir1.2-accountsservice-1.0 libaccountsservice-dbg
Architecture: source amd64
Version: 0.6.21-6
Distribution: unstable
Urgency: high
Maintainer: Alessio Treglia <ales...@debian.org>
Changed-By: Alessio Treglia <ales...@debian.org>
Description:
accountsservice - query and manipulate user account information
gir1.2-accountsservice-1.0 - GObject introspection data for AccountService
libaccountsservice-dbg - query and manipulate user account information - debug
libaccountsservice-dev - query and manipulate user account information -
header files
libaccountsservice0 - query and manipulate user account information - shared
libraries
Closes: 679429
Changes:
accountsservice (0.6.21-6) unstable; urgency=high
.
* CVE-2012-2737: Add patch to prevent race condition with UID
lookup (Closes: #679429):
- src/u{ser,til}.c: Use bus daemon to query peer credentials.
Checksums-Sha1:
fe9bedd119b2a6320376f3da04b785cc5256da86 2419 accountsservice_0.6.21-6.dsc
62b13b1289c111504ca5f7bc34ab12d467e3adc9 38824
accountsservice_0.6.21-6.debian.tar.gz
59c886bca578b155cb108e5ae12184a837d0aaec 73208
accountsservice_0.6.21-6_amd64.deb
b76e8a32d5bb88c6d32b5427498135be3a0ffbc4 86872
libaccountsservice0_0.6.21-6_amd64.deb
fed6e07a36bca3665a2cf0424199afaef2d4ece1 15190
libaccountsservice-dev_0.6.21-6_amd64.deb
847a66cb85ebe9e713eb6637937fa82f549ca75c 11290
gir1.2-accountsservice-1.0_0.6.21-6_amd64.deb
6385f55c19d4dfbab1a79c07fbac5c6ac25fa469 226054
libaccountsservice-dbg_0.6.21-6_amd64.deb
Checksums-Sha256:
b79ce2fdcb28ff71d6d9791d19eac4191aea6fd81851bc3a187be92faa7d6473 2419
accountsservice_0.6.21-6.dsc
59c5dd2f641de0368e720bb6d570af554d7defc8f59eb9392b7ac0d820b85848 38824
accountsservice_0.6.21-6.debian.tar.gz
5c7309213d333339ae11769955eb6076e29ea143bac99ecdab4b54c7cee82c28 73208
accountsservice_0.6.21-6_amd64.deb
851aa2a7e61d665eff83b883f8714f08753d48168c7c35cda01673acbf78ba76 86872
libaccountsservice0_0.6.21-6_amd64.deb
5ce97459503187e75162496cd2f25fe819798ad3ae43376896bc5b734e503ea9 15190
libaccountsservice-dev_0.6.21-6_amd64.deb
a53ec4c7e69a691a1b99fcfff2cc516f6b0d3c5af1fb90f5dbe4493b7dffc3c4 11290
gir1.2-accountsservice-1.0_0.6.21-6_amd64.deb
2186725b2f94dbad37f4237e65f1308ee21181a44b3c4507928469f257bd4384 226054
libaccountsservice-dbg_0.6.21-6_amd64.deb
Files:
059ad6866aa4917cb62c4cbe834caa19 2419 admin optional
accountsservice_0.6.21-6.dsc
ac5af86227e7da8c3d9f976a6a603f1c 38824 admin optional
accountsservice_0.6.21-6.debian.tar.gz
8dd6b0b5f4bb837775b2cb8b2b7e38fe 73208 admin optional
accountsservice_0.6.21-6_amd64.deb
004e1a08653088b15bac867ae1639f8f 86872 libs optional
libaccountsservice0_0.6.21-6_amd64.deb
86789bb7c72bcb137487709b09e6aca8 15190 libdevel optional
libaccountsservice-dev_0.6.21-6_amd64.deb
482a45e2a9c6641087d63eb62b877951 11290 introspection optional
gir1.2-accountsservice-1.0_0.6.21-6_amd64.deb
f3e69953f9ca3aac0c9ce1a7f6461839 226054 debug extra
libaccountsservice-dbg_0.6.21-6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJP/E3kAAoJEOikiuUxHXZaIAoP+gP8LobFXK9dE587JUkCzQ71
+Gx/O01Q4EBYbO4zpKQuDR1vYExtDVbo0tnTIHTlUNDtOe6/anCOzzO/aOATAkWb
m/MYs6fBUP+izkdmncZMOI6t1weNK4ioqBPTo/06ucMToaPub2c+NYxsc5+nIe2B
0runFzMSbA8cRDJmz2KqKCvn4qAC0zZuN5PerbrgtOqun3N+kiqOG7cnJPkhWExU
UqBf/miTwr2QstPBdrZAg/h2KuHL0AlFftCYRSWBY4bGEWL6ziykfcEE6z4Iodoe
B3NYuw80aY/RLp2ufxnzFaGhmpn4JxsYRbArSZvF87koMM0Nvdcskhc1/n7uQXWP
O56M/DybdCWsCjVIb/DxqVQmjk1RHxbSTkSWi++/Ao0ATKmL8yQ5LZVmZFIBOvaD
xFfrY9+FlrYMmuAWt5dKQosXz2wlzSuHb+sXQ0yUadukwNTvinUomJ85XnpHVe/n
4sWQk89QWbnsSA+5Lp8jN0tXpxf/6MwG0MB9Rt1UQ4aWvTGKT1Q6sY9B4x9rewWO
pu0YoyDzrp4aLpxv/UrO9JOwjUmWBD0sip2hHu39NKkMKrNn+XDo1hls1m4G11ui
JKJmtnfy4nshqFQxAd8oDlYzZBVyxqCC4p7K8aNJvwViOeAChWx4VcGtdRct5ggt
90iSZW+dutTV2l6+lYWF
=1BSw
-----END PGP SIGNATURE-----
--- End Message ---
