~wsartori/language-selector/fix-766412

Viewing all changes in revision 93.

  • Committer: Bazaar Package Importer
  • Author(s): Kees Cook, Martin Pitt
  • Date: 2011-04-19 10:31:37 UTC
  • Revision ID: james.westby@ubuntu.com-20110419103137-f36bntomr7jzsok5
Tags: 0.6.7
[ Kees Cook ]
* SECURITY UPDATE: language selector backend did not verify policy kit
  authentication.
  - debian/language-selector-common.postinst: shut down old backend.
  - CVE-2011-0729

[ Martin Pitt ]
* dbus_backend/ls-dbus-backend: Actually look at the PolicyKit check result
  and only proceed if it succeeded. Thanks to Romain Perier for finding this
  and providing the patch! This fixes a local root privilege escalation, as
  this allows any authenticated user to write arbitrary shell commands into
  /etc/default/locale. (LP: #764397)
* dbus_backend/ls-dbus-backend: Reject locale names with invalid characters
  in them, to further prevent injecting shell code into /etc/default/locale
  for authenticated users. Thanks to Felix Geyer for the initial patch!
  (LP: #764397)
* debian/control: Update Vcs-Bzr: for newly created maverick branch.
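
The two backend fixes described in the changelog above, sketched as an added example; this is not the code from ls-dbus-backend. The function names, the `check_authorization` callable, the allow-list pattern and the sample values are assumptions made for illustration.

```python
import re

# Assumed allow-list: letters, digits and the punctuation used in names such
# as "en_US.UTF-8" or "sr_RS@latin". Not the project's actual pattern.
LOCALE_RE = re.compile(r"[A-Za-z0-9_.@-]+")


class NotAuthorized(Exception):
    pass


class InvalidLocale(ValueError):
    pass


def validate_locale(name):
    # fullmatch() rather than match() with "$": "$" also matches just before
    # a trailing newline, which would let a second line into the file.
    if not isinstance(name, str) or not LOCALE_RE.fullmatch(name):
        raise InvalidLocale(repr(name))
    return name


def set_lang(text, locale):
    """Return the file content with LANG set, other lines left untouched."""
    new_line = 'LANG="%s"' % validate_locale(locale)
    lines = text.splitlines()
    out = [new_line if l.startswith("LANG=") else l for l in lines]
    if new_line not in out:
        out.append(new_line)
    return "\n".join(out) + "\n"


def handle_set_system_language(sender, locale, text, check_authorization):
    # First fix in the changelog: the PolicyKit check was made but its result
    # was not examined. Here any result other than True stops the request
    # before new file content is produced.
    if check_authorization(sender) is not True:
        raise NotAuthorized(sender)
    # Second fix: the locale name is validated before it reaches a file that
    # is later read as shell variable assignments.
    return set_lang(text, locale)
```

The caller writes the returned text to the locale file only when no exception was raised, so a denied or malformed request leaves the file unchanged.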
