~ubuntu-branches/ubuntu/natty/language-selector/natty-proposed

Viewing all changes in revision 119.

  • Committer: Bazaar Package Importer
  • Author(s): Martin Pitt
  • Date: 2011-04-19 20:20:44 UTC
  • Revision ID: james.westby@ubuntu.com-20110419202044-w41lr8rhc7c6d6ul
Tags: 0.33
* dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
  and only proceed if it succeeded. Thanks to Romain Perier for finding this
  and providing the patch! This fixes a local root privilege escalation, as
  this allows any authenticated user to write arbitrary shell commands into
  /etc/default/locale. (LP: #764397) [CVE-2011-0729]
* dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
  in it, to further prevent injecting shell code into /etc/default/locale
  for authenticated users. Thanks to Felix Geyer for the initial patch!
  (LP: #764397)
* dbus_backend/com.ubuntu.LanguageSelector.conf: Allow access to standard
  D-BUS introspection and properties interfaces. There's no reason to deny
  it, and it causes warnings.
* debian/language-selector-common.postinst: Stop running D-BUS backend on
  upgrade.

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: