Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
Simon McVittie wrote: Package: dnsmasq Version: 2.46-1 Severity: normal User: pkg-utopia-maintain...@lists.alioth.debian.org Usertags: fdo-18961 ConsoleKit's D-Bus system.d config should be updated to fix non-deterministic allow/deny for messages with no interface (related to CVE-2008-4311). http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from Colin Walters. (If you consider bugs.debian.org to be the upstream bug tracker for dnsmasq, please advertise this fact in documentation; Colin didn't seem to know where to send the patch.) Regards from the Cambridge BSP, Simon Hi Simon. I got email from Colin which I acknowleged, and his fix is in the next (upstream) dnsmasq release. It wasn't clear from his mail or from this bug if there are implications for Lenny. It is necessary to update the dnsmasq-2.45 package in Lenny? Cheers, Simon. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
On Mon, 05 Jan 2009 at 14:22:33 +, Simon Kelley wrote: Simon McVittie wrote: Package: dnsmasq Version: 2.46-1 I got email from Colin which I acknowleged, and his fix is in the next (upstream) dnsmasq release. It wasn't clear from his mail or from this bug if there are implications for Lenny. It is necessary to update the dnsmasq-2.45 package in Lenny? Thanks, please close this bug in the appropriate version. We filed bugs for fdo-18961 because it wasn't entirely clear whether they blocked the release of the secure-by-default dbus version (in which case we'd have upgraded them to serious). In practice it seems that they're not RC and there's no need to backport this to lenny. Testing dnsmasq 2.45's D-Bus functionality with a version of D-Bus where CVE-2008-4311 has been fixed (see http://lists.debian.org/debian-devel/2009/01/msg00082.html) would be very useful; I've done some trivial testing on a freshly installed lenny laptop, but you know what's meant to happen much better than I do! In the unlikely event that it turns out to have regressions, please escalate this bug to serious, and coordinate with me or pkg-utopia to get it suitably tagged and fixed before we push the secure-by-default version of dbus. Thanks, Simon signature.asc Description: Digital signature
Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
Package: dnsmasq Version: 2.46-1 Severity: normal User: pkg-utopia-maintain...@lists.alioth.debian.org Usertags: fdo-18961 ConsoleKit's D-Bus system.d config should be updated to fix non-deterministic allow/deny for messages with no interface (related to CVE-2008-4311). http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from Colin Walters. (If you consider bugs.debian.org to be the upstream bug tracker for dnsmasq, please advertise this fact in documentation; Colin didn't seem to know where to send the patch.) Regards from the Cambridge BSP, Simon signature.asc Description: Digital signature
Bug#510649: /etc/dbus-1/system.d/dnsmasq.conf needs alterations for fd.o #18961
On Sun, 04 Jan 2009 at 01:58:05 +, Simon McVittie wrote: http://bugs.freedesktop.org/show_bug.cgi?id=19020 contains a patch from Colin Walters. Sorry, that should be http://bugs.freedesktop.org/show_bug.cgi?id=18961. Simon signature.asc Description: Digital signature