Your message dated Tue, 10 Jul 2012 16:02:11 +0000
with message-id <e1soct9-0002rr...@franck.debian.org>
and subject line Bug#679429: fixed in accountsservice 0.6.21-6
has caused the Debian Bug report #679429,
regarding accountsservice: CVE-2012-2737 local file disclosure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679429
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: accountsservice
Version: 0.6.21-5
Severity: important
Tags: upstream security

Please see <https://bugzilla.redhat.com/show_bug.cgi?id=832532>.
(I have not confirmed that our accountsservice is actually affected,
but it seems highly likely, since it was uploaded before the embargo date.)

    S

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing-proposed-updates
  APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 
'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages accountsservice depends on:
ii  dbus                   1.6.2-1
ii  libaccountsservice0    0.6.21-5
ii  libc6                  2.13-33
ii  libglib2.0-0           2.32.3-1
ii  libpolkit-gobject-1-0  0.105-1

accountsservice recommends no packages.

Versions of packages accountsservice suggests:
ii  gnome-control-center  1:3.4.2-2

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: accountsservice
Source-Version: 0.6.21-6

We believe that the bug you reported is fixed in the latest version of
accountsservice, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alessio Treglia <ales...@debian.org> (supplier of updated accountsservice 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 10 Jul 2012 17:04:54 +0200
Source: accountsservice
Binary: accountsservice libaccountsservice0 libaccountsservice-dev 
gir1.2-accountsservice-1.0 libaccountsservice-dbg
Architecture: source amd64
Version: 0.6.21-6
Distribution: unstable
Urgency: high
Maintainer: Alessio Treglia <ales...@debian.org>
Changed-By: Alessio Treglia <ales...@debian.org>
Description: 
 accountsservice - query and manipulate user account information
 gir1.2-accountsservice-1.0 - GObject introspection data for AccountService
 libaccountsservice-dbg - query and manipulate user account information - debug
 libaccountsservice-dev - query and manipulate user account information - 
header files
 libaccountsservice0 - query and manipulate user account information - shared 
libraries
Closes: 679429
Changes: 
 accountsservice (0.6.21-6) unstable; urgency=high
 .
   * CVE-2012-2737: Add patch to prevent race condition with UID
     lookup (Closes: #679429):
     - src/u{ser,til}.c: Use bus daemon to query peer credentials.
Checksums-Sha1: 
 fe9bedd119b2a6320376f3da04b785cc5256da86 2419 accountsservice_0.6.21-6.dsc
 62b13b1289c111504ca5f7bc34ab12d467e3adc9 38824 
accountsservice_0.6.21-6.debian.tar.gz
 59c886bca578b155cb108e5ae12184a837d0aaec 73208 
accountsservice_0.6.21-6_amd64.deb
 b76e8a32d5bb88c6d32b5427498135be3a0ffbc4 86872 
libaccountsservice0_0.6.21-6_amd64.deb
 fed6e07a36bca3665a2cf0424199afaef2d4ece1 15190 
libaccountsservice-dev_0.6.21-6_amd64.deb
 847a66cb85ebe9e713eb6637937fa82f549ca75c 11290 
gir1.2-accountsservice-1.0_0.6.21-6_amd64.deb
 6385f55c19d4dfbab1a79c07fbac5c6ac25fa469 226054 
libaccountsservice-dbg_0.6.21-6_amd64.deb
Checksums-Sha256: 
 b79ce2fdcb28ff71d6d9791d19eac4191aea6fd81851bc3a187be92faa7d6473 2419 
accountsservice_0.6.21-6.dsc
 59c5dd2f641de0368e720bb6d570af554d7defc8f59eb9392b7ac0d820b85848 38824 
accountsservice_0.6.21-6.debian.tar.gz
 5c7309213d333339ae11769955eb6076e29ea143bac99ecdab4b54c7cee82c28 73208 
accountsservice_0.6.21-6_amd64.deb
 851aa2a7e61d665eff83b883f8714f08753d48168c7c35cda01673acbf78ba76 86872 
libaccountsservice0_0.6.21-6_amd64.deb
 5ce97459503187e75162496cd2f25fe819798ad3ae43376896bc5b734e503ea9 15190 
libaccountsservice-dev_0.6.21-6_amd64.deb
 a53ec4c7e69a691a1b99fcfff2cc516f6b0d3c5af1fb90f5dbe4493b7dffc3c4 11290 
gir1.2-accountsservice-1.0_0.6.21-6_amd64.deb
 2186725b2f94dbad37f4237e65f1308ee21181a44b3c4507928469f257bd4384 226054 
libaccountsservice-dbg_0.6.21-6_amd64.deb
Files: 
 059ad6866aa4917cb62c4cbe834caa19 2419 admin optional 
accountsservice_0.6.21-6.dsc
 ac5af86227e7da8c3d9f976a6a603f1c 38824 admin optional 
accountsservice_0.6.21-6.debian.tar.gz
 8dd6b0b5f4bb837775b2cb8b2b7e38fe 73208 admin optional 
accountsservice_0.6.21-6_amd64.deb
 004e1a08653088b15bac867ae1639f8f 86872 libs optional 
libaccountsservice0_0.6.21-6_amd64.deb
 86789bb7c72bcb137487709b09e6aca8 15190 libdevel optional 
libaccountsservice-dev_0.6.21-6_amd64.deb
 482a45e2a9c6641087d63eb62b877951 11290 introspection optional 
gir1.2-accountsservice-1.0_0.6.21-6_amd64.deb
 f3e69953f9ca3aac0c9ce1a7f6461839 226054 debug extra 
libaccountsservice-dbg_0.6.21-6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJP/E3kAAoJEOikiuUxHXZaIAoP+gP8LobFXK9dE587JUkCzQ71
+Gx/O01Q4EBYbO4zpKQuDR1vYExtDVbo0tnTIHTlUNDtOe6/anCOzzO/aOATAkWb
m/MYs6fBUP+izkdmncZMOI6t1weNK4ioqBPTo/06ucMToaPub2c+NYxsc5+nIe2B
0runFzMSbA8cRDJmz2KqKCvn4qAC0zZuN5PerbrgtOqun3N+kiqOG7cnJPkhWExU
UqBf/miTwr2QstPBdrZAg/h2KuHL0AlFftCYRSWBY4bGEWL6ziykfcEE6z4Iodoe
B3NYuw80aY/RLp2ufxnzFaGhmpn4JxsYRbArSZvF87koMM0Nvdcskhc1/n7uQXWP
O56M/DybdCWsCjVIb/DxqVQmjk1RHxbSTkSWi++/Ao0ATKmL8yQ5LZVmZFIBOvaD
xFfrY9+FlrYMmuAWt5dKQosXz2wlzSuHb+sXQ0yUadukwNTvinUomJ85XnpHVe/n
4sWQk89QWbnsSA+5Lp8jN0tXpxf/6MwG0MB9Rt1UQ4aWvTGKT1Q6sY9B4x9rewWO
pu0YoyDzrp4aLpxv/UrO9JOwjUmWBD0sip2hHu39NKkMKrNn+XDo1hls1m4G11ui
JKJmtnfy4nshqFQxAd8oDlYzZBVyxqCC4p7K8aNJvwViOeAChWx4VcGtdRct5ggt
90iSZW+dutTV2l6+lYWF
=1BSw
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to