Simon McVittie wrote: > On Sat, 03 Jan 2009 at 17:58:47 +0000, Matthew Johnson wrote: >> In order to fix CVE-2008-4311 the default permissions on the system bus >> have been tightened up. This has revealed bugs in the configurations >> shipped with a number of services using the system bus which relied on >> the broken behaviour and will now break. > > The package that we'd like to upload to sid and migrate to lenny adds the > attached patches relative to what's in lenny and sid now. The only other > changes are the changelog entry shown here, and renaming CVE-2008-3834.patch > to 40-CVE-2008-3834.patch so that it gets applied in a predictable > sequence relative to the other patches. > > This shouldn't be uploaded until we've fixed the various packages that > we're tracking on <http://wiki.debian.org/DBusPermissions>. We're filing > RC bugs for packages that block the change, and normal bugs for packages > that have issues related to > <http://bugs.freedesktop.org/show_bug.cgi?id=18961>. > > Patches 30 to 35 are probably larger than you'd like, but Matthew and I > think they're good to have - they add a syslog message whenever > permission is denied, which means that if we miss anything while fixing > the D-Bus-dependent packages, we can at least debug the resulting failure.
Ok, please upload according to plan. Cheers Luk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
