-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: python-dbusmock Binary: python-dbusmock, python3-dbusmock Architecture: all Version: 0.11.4-1+deb8u1 Maintainer: Debian Python Modules Team <[email protected]> Uploaders: Martin Pitt <[email protected]> Homepage: https://gitorious.org/python-dbusmock Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/cgit/collab-maint/python-dbusmock.git Vcs-Git: git://anonscm.debian.org/collab-maint/python-dbusmock.git Testsuite: autopkgtest Build-Depends: debhelper (>= 9), dh-python, python-all, python-setuptools, python3-all, python3-setuptools Build-Depends-Indep: upower, python-nose, python-dbus, python-gi, python3-nose, python3-dbus, python3-gi, gir1.2-glib-2.0 (>= 1.32), dbus-x11, libnotify-bin Package-List: python-dbusmock deb python optional arch=all python3-dbusmock deb python optional arch=all Checksums-Sha1: 5537eac4f4dfa7f115d7a279404dce5611c08418 61339 python-dbusmock_0.11.4.orig.tar.gz f615f92079732115e93e036e92ccfaf8fd85c255 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz Checksums-Sha256: f390174ad96a02e5df2f8b3678e74cfb85253bca292956c7bf09fd65eab03ec1 61339 python-dbusmock_0.11.4.orig.tar.gz 15501a7e6431ec845c7e6228d15fd02f1d099cb099b4d9f1f5ad9259e82395d3 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz Files: b32b23a2ffe6d3581779a5402de1f993 61339 python-dbusmock_0.11.4.orig.tar.gz b06c616b80a7706f7edb0c669e8bdf0c 4848 python-dbusmock_0.11.4-1+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVZCDEAAoJENFO8V2v4RNHXQUQAJtYefN0A+FoDKuuyzDhQQR3 IkkZ7WBzKdlZUiopxqxWeCp39dOZFNuKyj8VDEhc+DHd2CBn5c2fq/1bLesJtuMR Mw9jYD0pgCro0ABE+qZEWeYrcVgJtAdMbbBrPFt36fEdtqFyOeSGtPzE1HP4VDSx CvDEm0dU/mzyRDV3uNvy1PTqTu0r+200LZ6DOE0Xi8FpAnwqDcxEc0E5IQhW6Zrq pxb9hrDmyImbiLPT9eGvEsbdxN9b1ElxAguYYVFJzsHrAid0SPQFuejXOKEIPXhb nR+JQ8xZgN6juNIUeXYSof/FbG/RKnerHkM+hCxoyKjRTNbvGTsS2O1X6rLfcmz8 dLMsdS/A9VxFip3PGxVvz5EPTJKrf2Mj6s580dMLKexnlYOiG0XTvt/1SqPENFlD Ozpu1lrDYunCPzqdEALcrO99obc0MgZ8JjSox0Z1DHdakmVxbBEzIuLB1dAIIfLc +rgCP1jO8rs7nMPcZUw3DHgcocA/4Lwed4TrJXWti8xMSjRI2zCPZerEOrPSoj6E KGdlRVHmsBE6ZUUhHU78XFXD1FecTWfnxauKcMKt3goNSjBv4LAkvlVIbbspKHE9 PVpzlJLhb1KSzNyWKdqfQb3SUAE5XzzYJzrizCYhwTgO9eD6geyGlG30YQBvDmRP R2jc0G6HkfxnrdZoUrzI =e5+a -----END PGP SIGNATURE----- Changes: python-dbusmock (0.11.4-1+deb8u1) stable; urgency=medium * SECURITY FIX: When loading a template from an arbitrary file through the AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() Python method, don't create or use Python's *.pyc cached files. By tricking a user into loading a template from a world-writable directory like /tmp, an attacker could run arbitrary code with the user's privileges by putting a crafted .pyc file into that directory. Note that this is highly unlikely to actually appear in practice as custom dbusmock templates are usually shipped in project directories, not directly in world-writable directories. (Closes: #786858, LP: #1453815, CVE-2015-1326) * Add debian/gbp.conf for "jessie" packaging branch. -- Martin Pitt <[email protected]> Tue, 26 May 2015 09:26:11 +0200
