Debian Bug report logs -
#510788
odccm: /etc/dbus-1/system.d file needs alterations for fd.o #18961
Reported by: Simon McVittie <smcv@debian.org>
Date: Sun, 4 Jan 2009 21:36:01 UTC
Severity: serious
Merged with 510698
Found in version odccm/0.11.1-2
Fixed in version odccm/0.11.1-4
Done: Jonny Lamb <jonny@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Jonny Lamb <jonny@debian.org>:
Bug#510788; Package odccm.
(Sun, 04 Jan 2009 21:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Simon McVittie <smcv@debian.org>:
New Bug report received and forwarded. Copy sent to Jonny Lamb <jonny@debian.org>.
(Sun, 04 Jan 2009 21:36:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: odccm
Version: 0.11.1-2
Severity: normal
User: pkg-utopia-maintainers@lists.alioth.debian.org
Usertags: fdo-18961
odccm's D-Bus system.d config should be updated to fix
non-deterministic allow/deny for messages with no interface; the D-Bus
upstream recommendation seems to be that every allow or deny rule with
send_interface="..." should have a suitable send_destination attribute too.
http://bugs.freedesktop.org/show_bug.cgi?id=18961 is the D-Bus bug tracking
this; there have also been discussions on the D-Bus mailing list.
Please test the resulting package against the dbus package from
http://people.debian.org/~smcv/dbus-cve-2008-4311/ (you might be better
off waiting until hal's current RC bug has been fixed before you upgrade);
as far as I can tell, it *should* be OK with deny-by-default, but it
might not be.
Regards from the Cambridge BSP,
Simon
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#510788; Package odccm.
(Sun, 04 Jan 2009 21:48:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonny Lamb <jonny@debian.org>:
Extra info received and forwarded to list.
(Sun, 04 Jan 2009 21:48:03 GMT) (full text, mbox, link).
Message #10 received at 510788@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
forcemerge 510698 510788
kthxbye
On Sun, Jan 04, 21:33:42 +0000, Simon McVittie wrote:
> odccm's D-Bus system.d config should be updated to fix
> non-deterministic allow/deny for messages with no interface; the D-Bus
> upstream recommendation seems to be that every allow or deny rule with
> send_interface="..." should have a suitable send_destination attribute too.
This has already been reported by Matthew Johnson this morning. My
0.11.1-4 upload this evening should fix this. Feel free to re-open this
bug if I noobed it up though.
Thanks,
--
Jonny Lamb, UK
jonny@debian.org
[signature.asc (application/pgp-signature, inline)]
Forcibly Merged 510698 510788.
Request was from Jonny Lamb <jonny@debian.org>
to control@bugs.debian.org.
(Sun, 04 Jan 2009 21:48:06 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 09 Feb 2009 07:31:29 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Tue Jan 30 05:58:29 2024;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.