* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:06:01 -0400
This bug was fixed in the package dbus - 1.10.6-1ubuntu3.4
---------------
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw auth-Reject- DBUS_COOKIE_ SHA1-for- users-other- than-th. patch: dbus-auth. c. test-Add- basic-test- coverage- for-DBUS_ COOKIE_ SHA1.patch: dbus-auth- script. c, dbus/dbus- sysdeps- util-unix. c, dbus-sysdeps- util-win. c, dbus/dbus- sysdeps. h, test/Makefile.am, data/auth/ cookie- sha1-username. auth-script, data/auth/ cookie- sha1.auth- script.
- d/p/0001-
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/
- d/p/0002-
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/
dbus/
test/
test/
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:06:01 -0400