News for package python-dbusmock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 3.0 (quilt)
Source: python-dbusmock
Binary: python-dbusmock, python3-dbusmock
Architecture: all
Version: 0.11.4-1+deb8u1
Maintainer: Debian Python Modules Team <[email protected]>
Uploaders: Martin Pitt <[email protected]>
Homepage: https://gitorious.org/python-dbusmock
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/cgit/collab-maint/python-dbusmock.git
Vcs-Git: git://anonscm.debian.org/collab-maint/python-dbusmock.git
Testsuite: autopkgtest
Build-Depends: debhelper (>= 9), dh-python, python-all, python-setuptools, python3-all, python3-setuptools
Build-Depends-Indep: upower, python-nose, python-dbus, python-gi, python3-nose, python3-dbus, python3-gi, gir1.2-glib-2.0 (>= 1.32), dbus-x11, libnotify-bin
Package-List:
 python-dbusmock deb python optional arch=all
 python3-dbusmock deb python optional arch=all
Checksums-Sha1:
 5537eac4f4dfa7f115d7a279404dce5611c08418 61339 python-dbusmock_0.11.4.orig.tar.gz
 f615f92079732115e93e036e92ccfaf8fd85c255 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz
Checksums-Sha256:
 f390174ad96a02e5df2f8b3678e74cfb85253bca292956c7bf09fd65eab03ec1 61339 python-dbusmock_0.11.4.orig.tar.gz
 15501a7e6431ec845c7e6228d15fd02f1d099cb099b4d9f1f5ad9259e82395d3 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz
Files:
 b32b23a2ffe6d3581779a5402de1f993 61339 python-dbusmock_0.11.4.orig.tar.gz
 b06c616b80a7706f7edb0c669e8bdf0c 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVZCDEAAoJENFO8V2v4RNHXQUQAJtYefN0A+FoDKuuyzDhQQR3
IkkZ7WBzKdlZUiopxqxWeCp39dOZFNuKyj8VDEhc+DHd2CBn5c2fq/1bLesJtuMR
Mw9jYD0pgCro0ABE+qZEWeYrcVgJtAdMbbBrPFt36fEdtqFyOeSGtPzE1HP4VDSx
CvDEm0dU/mzyRDV3uNvy1PTqTu0r+200LZ6DOE0Xi8FpAnwqDcxEc0E5IQhW6Zrq
pxb9hrDmyImbiLPT9eGvEsbdxN9b1ElxAguYYVFJzsHrAid0SPQFuejXOKEIPXhb
nR+JQ8xZgN6juNIUeXYSof/FbG/RKnerHkM+hCxoyKjRTNbvGTsS2O1X6rLfcmz8
dLMsdS/A9VxFip3PGxVvz5EPTJKrf2Mj6s580dMLKexnlYOiG0XTvt/1SqPENFlD
Ozpu1lrDYunCPzqdEALcrO99obc0MgZ8JjSox0Z1DHdakmVxbBEzIuLB1dAIIfLc
+rgCP1jO8rs7nMPcZUw3DHgcocA/4Lwed4TrJXWti8xMSjRI2zCPZerEOrPSoj6E
KGdlRVHmsBE6ZUUhHU78XFXD1FecTWfnxauKcMKt3goNSjBv4LAkvlVIbbspKHE9
PVpzlJLhb1KSzNyWKdqfQb3SUAE5XzzYJzrizCYhwTgO9eD6geyGlG30YQBvDmRP
R2jc0G6HkfxnrdZoUrzI
=e5+a
-----END PGP SIGNATURE-----

Changes:
python-dbusmock (0.11.4-1+deb8u1) stable; urgency=medium

  * SECURITY FIX: When loading a template from an arbitrary file through the
    AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template()
    Python method, don't create or use Python's *.pyc cached files. By
    tricking a user into loading a template from a world-writable directory
    like /tmp, an attacker could run arbitrary code with the user's
    privileges by putting a crafted .pyc file into that directory.

    Note that this is highly unlikely to actually appear in practice as custom
    dbusmock templates are usually shipped in project directories, not
    directly in world-writable directories.
    (Closes: #786858, LP: #1453815, CVE-2015-1326)
  * Add debian/gbp.conf for "jessie" packaging branch.

 -- Martin Pitt <[email protected]>  Tue, 26 May 2015 09:26:11 +0200