-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: dbus Binary: dbus, dbus-x11, libdbus-1-3, dbus-1-doc, libdbus-1-dev, dbus-1-dbg Architecture: any all Version: 1.6.8-1+deb7u5 Maintainer: Utopia Maintenance Team <[email protected]> Uploaders: Sjoerd Simons <[email protected]>, Sebastian Dröge <[email protected]>, Michael Biebl <[email protected]>, Loic Minier <[email protected]>, Simon McVittie <[email protected]> Homepage: http://dbus.freedesktop.org/ Standards-Version: 3.9.3 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-utopia/dbus.git Vcs-Git: git://anonscm.debian.org/pkg-utopia/dbus.git Build-Depends: automake (>= 1:1.10), autotools-dev, debhelper (>= 9), dh-autoreconf, doxygen, dpkg-dev (>= 1.16.1), libexpat-dev, libdbus-glib-1-dev, libglib2.0-dev, libselinux1-dev [linux-any], libsystemd-daemon-dev (>= 32) [linux-any], libsystemd-login-dev (>= 32) [linux-any], libx11-dev, python (>= 2.6), python-dbus, python-gobject, xmlto, xsltproc Package-List: dbus deb admin optional arch=any dbus-1-dbg deb debug extra arch=any dbus-1-doc deb doc optional arch=all dbus-x11 deb x11 optional arch=any libdbus-1-3 deb libs optional arch=any libdbus-1-dev deb libdevel optional arch=any Checksums-Sha1: d9634807d1de9b64727ae2178e3af2227fca0fca 1929630 dbus_1.6.8.orig.tar.gz f2c4ea3c8b8d48504df92439f3a73e130c6dfb7a 49624 dbus_1.6.8-1+deb7u5.debian.tar.xz Checksums-Sha256: fc1370ef38abeeb13f55c905ec002e60705fb0bfde3b8d21c8d6eb8056c11bac 1929630 dbus_1.6.8.orig.tar.gz 884e1811c8ee978f788904f788dd7ad22398e1a41334d69b7ffa46423d3d816f 49624 dbus_1.6.8-1+deb7u5.debian.tar.xz Files: 3bf059c7dd5eda5f539a1b7cfe7a14a2 1929630 dbus_1.6.8.orig.tar.gz c2b5cdf453071fea1eedff1657c28d84 49624 dbus_1.6.8-1+deb7u5.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIVAwUBVH91bE3o/ypjx8yQAQjV0w/+M8ljKICCIU1G3Fz31UW3JaaNdbLNyiBS /LXS1QeXxY9oV6U4Gxw5l2co7UVUHAKFxKl77/ZqOY+KAF3II+i2l2TyotCHhhyJ f6Ip65Kxy7mzkHRJXIUZkie/2cAfjy/MRe7tMKcr7byIxA3Jf6R1XJ86rCs0wy5W xWw/6IEbFEkpL7FWnQbQhIqltuD/SsRDXUxh77VBJ5Kpq9xc1f12h9vFi6aaIYn0 fAeXwGzfaXE8xZ19xn9u3v4UR5ST4FT0Tdj6AH8Xjl6f+DboUYz5gwLW1u4KdROG 44RQmqbXGxdP7XC00e+SnaB+5+qlLF/xBbAhGKAkrOYPePl+mA170W8Axgvci4LB piCdv5Cw8kUX4jNYfZUBQCEWY3/Z71yBuDQvA9J4ENt4T4ZOArEp6R+GJwRom5lB MvfLQv3vWguhuQeD5Q4gNZN1Ku1qfgx5lubAFmQJrlRDMq0VweK0HnIQKSx1n3hq 862V9/DmbqMWhm4VIkanqf3jmGl8AJ/YxhOVLVjvyPhGhuxO97MPjueUUxpUoTyU tbYnBCKqTlMahpeA/dGdWuxyDBv4Q5t9CvGWwE5zm9We6zyPUy0Q1fY3dZZscDjp L8eIbzCovFjjsfsp1zo03UygaINjh3VUy+VyEK2CWmIqNMrWeCxab+zdrj5k6R9W TScGVoiykbc= =rHQI -----END PGP SIGNATURE----- Changes: dbus (1.6.8-1+deb7u5) wheezy-security; urgency=high * Fix CVE-2014-7824: - Start 'dbus-daemon --system' as root under sysvinit (it already starts as root under systemd), so it can increase its file descriptor limit - Add patch from upstream to increase dbus-daemon's file descriptor limit to 65536, completing the incomplete fix for CVE-2014-3636 * Fix regression introduced in 1.6.8-1+deb7u4 (Closes: #769069): - Add patch from upstream to restore auth_timeout to its previous value, since the shorter value causes boot failures on some systems - Add README.Debian to dbus package, documenting how sysadmins with hostile local users, and systems where boot succeeds with the shorter value, can get the shorter value back -- Simon McVittie <[email protected]> Mon, 24 Nov 2014 13:49:52 +0000