* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS
(LP: #1900255)
- debian/patches/0010-set-language.patch: updated to not drop real uid
and real gid in user_drop_privileges_to_user.
- debian/patches/0009-language-tools.patch: updated to not reset
effective uid.
- CVE-2020-16126
Looks like this change got reverted:
accountsservice (0.6.55- 0ubuntu13. 2) groovy-security; urgency=medium
* SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS patches/ 0010-set- language. patch: updated to not drop real uid privileges_ to_user. patches/ 0009-language- tools.patch: updated to not reset
(LP: #1900255)
- debian/
and real gid in user_drop_
- debian/
effective uid.
- CVE-2020-16126