[Pkg-utopia-maintainers] Bug#700638: CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib < 0.100.1

Moritz Muehlenhoff jmm at inutil.org
Mon Feb 18 15:20:24 UTC 2013


On Mon, Feb 18, 2013 at 09:53:53AM +0000, Simon McVittie wrote:
> On 15/02/13 17:44, I wrote:
> > Severity: critical
> > Justification: root security hole
> >
> > Sebastian Krahmer discovered and published an authentication bypass
> > vulnerability in pam_fprintd, caused by a bug in dbus-glib. It is
> > possible that other users of dbus-glib can be exploited in the same
> > way. CVE-2013-0292 has been allocated for this vulnerability.
> 
> On 15/02/13 18:25, Simon McVittie wrote:
> > I can confirm that this bug is present in the version of dbus-glib in
> > squeeze, and that cherry-picking upstream commit 166978a09cf fixes it.
> 
> The debdiff I previously attached works fine on a squeeze machine. If
> the distribution 'stable' in debian/changelog is OK, I can upload it at
> any time; if not (e.g. if you need 'stable-security' there), there will
> be a short delay while I rebuild and re-test.

Please upload this to stable, since the 6.0.7 point release is scheduled
for next week.

Cheers,
        Moritz


