Re: Possible MBF due to DBus security issue

2009-01-04 Thread Eugene V. Lyubimkin
Simon McVittie wrote: > RC, totally broken security policy adds allow-by-default even if dbus-daemon > doesn't have it - maintainers pinged, RC bug filed, RM from lenny suggested FBReader build-depends on it (for maemo platforms), it would be a loss to have not fbreader for maemo and unacceptable

Re: Possible MBF due to DBus security issue

2009-01-04 Thread Simon McVittie
Test results mentioned are for a laptop with a freshly installed lenny system, the (GNOME) desktop task, the tested packages, my release candidate version of dbus, and patched versions of hal and system-tools-backends as seen below. Some packages haven't been tested yet - I'm not confident that I k

Re: Possible MBF due to DBus security issue

2009-01-04 Thread Neil Williams
On Sat, 3 Jan 2009 17:58:47 + Matthew Johnson wrote: > A fixed version of dbus has been uploaded to experimental. The release > team would like this version to go into lenny, but we need to fix any > bugs caused by that version. Upstream have already started collating > patches to upstreams[0

Re: Possible MBF due to DBus security issue

2009-01-04 Thread Josselin Mouette
On Saturday 03 January 2009 at 17:58 +, Matthew Johnson wrote: > Debian GNOME Maintainers >system-config-printer (U) >system-tools-backends (U) Both explicitly list all permissions, so I think they should be fine. -- .''`. : :' : We are debian.org. Lower your prices, surrender

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Matthew Johnson
On Sat Jan 03 20:57, Simon McVittie wrote: > > Simon Kelley > >dnsmasq > > ??? > > > Anand Kumria > >yum > > ??? > > > Patrick Patterson > >pathfinder > > ??? > > > Matthew Wilcox > >kerneloops All of these have the send_destination policy so look like they should be fine

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Matthew Johnson
On Sat Jan 03 20:57, Simon McVittie wrote: > > > Michael Biebl > >powersave Definitely needs at least introspection allowing, bug filed > > Debian CUPS Maintainers > >cups > > mjj29 is investigating and thinks it's OK Doesn't allow introspection, but only sends signals so it's not cr

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Kel Modderman
On Sunday 04 January 2009 06:57:00 Simon McVittie wrote: > > Debian/Ubuntu wpasupplicant Maintainers > > > >wpasupplicant > > ??? As far as I can tell, wpasupplicant installs an unaffected D-Bus configuration. Patch welcome if wrong :) Thanks, Kel.

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Simon McVittie
On Sat, 03 Jan 2009 at 20:57:00 +, Simon McVittie wrote: > After removing Uploaders and cross-referencing against fd.o #18980 (up to and > including Comment #12, > https://bugs.freedesktop.org/show_bug.cgi?id=18980#c12): > > > Michael Biebl > >knetworkmanager > > https://bugzilla.redhat

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Matthew Johnson
On Sat Jan 03 17:58, Matthew Johnson wrote: > All that needs to be done to fix this is to edit the config file which > is dropped in /etc/dbus-1/system.d/ to allow all of the incoming method > calls and outgoing signals. Method replies/errors and introspection > already have exceptions. OK clarif

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Simon McVittie
After removing Uploaders and cross-referencing against fd.o #18980 (up to and including Comment #12, https://bugs.freedesktop.org/show_bug.cgi?id=18980#c12): > Michael Biebl >knetworkmanager https://bugzilla.redhat.com/show_bug.cgi?id=475468 >powersave ??? > Julien BLACHE >pommed

Re: Possible MBF due to DBus security issue

2009-01-03 Thread Julien BLACHE
Matthew Johnson wrote: Hi, > Julien BLACHE >pommed Fixed upstream in (soon to be released) 1.25, will go in unstable and I plan to get it into Lenny if the tightened DBus goes in Lenny too. JB. -- Julien BLACHE - Debian & GNU/Linux Developer - Public key available on

Possible MBF due to DBus security issue

2009-01-03 Thread Matthew Johnson
In order to fix CVE-2008-4311 the default permissions on the system bus have been tightened up. This has revealed bugs in the configurations shipped with a number of services using the system bus which relied on the broken behaviour and will now break. A fixed version of dbus has been uploaded to