Differences between revisions 22 and 32 (spanning 10 versions)
Revision 22 as of 2009-02-05 16:46:22
Size: 3936
Editor: MichaelBiebl
Comment:
Revision 32 as of 2009-03-16 03:30:26
Size: 5479
Editor: anonymous
Comment: converted to 1.6 markup
Line 1: Line 1:
This page tracks the changes needed to fix [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532 D-Bus deny-by-default]. This page tracks the changes needed to fix [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532|D-Bus deny-by-default]].
Line 3: Line 3:
[http://people.debian.org/~smcv/dbus-cve-2008-4311/ "Release candidate" of dbus source and i386 binaries for testing] [[http://people.debian.org/~smcv/dbus-cve-2008-4311/|"Release candidate" of dbus source and i386 binaries for testing]]
Line 11: Line 11:
Bugs which are probably not RC, related to [http://bugs.freedesktop.org/show_bug.cgi?id=18961 fd.o #18961]: Bugs which are probably not RC, related to [[http://bugs.freedesktop.org/show_bug.cgi?id=18961|fd.o #18961]]:
Line 21: Line 21:
dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441 dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441: Fix in dbus-glib 0.80-1 (from experimental)
Line 27: Line 27:
|| bluemon || (#510626, fixed in 1.4-5, looks ok) || ||
|| bluez-utils || (#510644, fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture ||
|| consolekit || (#510645, fixed in 0.2.10-4, looks ok) || ||
|| hal || (#510639, fixed in 0.5.11-7, mostly ok, cleanup default section) ||
|| odccm || (#510788, fixed in 0.11.1-4, looks mostly ok, restrict to interfaces?) ||
|| policykit || (#510646, fixed in 0.9-2, looks ok) ||
|| pommed || (#510700, fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone?) ||
|| smart-notifier || (#510709, fixed in 0.28-1.1, looks ok, strict) ||
|| sugar || (#510657, fixed in 0.82.8-3, looks ok) ||
|| system-tools-backends || (#510744, fixed in 2.6.0-2lenny1, looks ok, strict) ||
|| bluemon || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510628|#510628]], fixed in 1.4-5, looks ok ||
|| bluez-utils || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510644|#510644]], fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture ||
|| consolekit || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510645|#510645]], fixed in 0.2.10-4, looks ok ||
|| hal || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510639|#510639]], fixed in 0.5.11-7, mostly ok, cleanup default section ||
|| odccm || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510788|#510788]], fixed in 0.11.1-4, looks mostly ok, restrict to interfaces? ||
|| policykit || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510646|#510646]], fixed in 0.9-2, looks ok ||
|| pommed || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510700|#510700]], fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone? ||
|| smart-notifier || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510709|#510709]], fixed in 0.28-1.1, looks ok, strict ||
|| sugar || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510657|#510657]], fixed in 0.82.8-3, looks ok ||
|| system-tools-backends || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510744|#510744]], fixed in 2.6.0-2lenny1, looks ok, too strict? ||
|| dnsmasq || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510649|#510649]], fixed in 2.47-1 ||
|| powersaved || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510633|#510633]], fixed in 0.15.20-5 ||
|| network-manager-kde || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510757|#510757]], fixed in 1:0.7~~svn908338-2 ||
|| network-manager-openvpn|| [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510730|#510730]], fixed in 0.7.0-2 ||
|| network-manager-pptp || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510732|#510732]], fixed in 0.7.0-2 ||
|| network-manager-vpnc || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510735|#510735]], fixed in 0.7.0-2 ||
|| network-manager-gnome || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510728|#510728]], fixed in 0.7.0-2 ||
|| avahi-daemon || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510653|#510653]], fixed in 0.6.24-2 ||
|| network-manager || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510729|#510729]], fixed in 0.7.0.97-1 ||
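Review bot: the bluemon row changes its bug reference from #510626 to #510628, and the new link target follows the new number, so this row gets more than the markup conversion applied to the others; check the number against the BTS before relying on the link. The rows added at the end of this table (dnsmasq through network-manager) record only the fixed version, without a verdict such as "looks ok" that the older rows carry, so it is worth stating whether those fixed policy files were reviewed.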
Line 40: Line 49:
|| avahi-daemon || (#510653, no patch) || ||
|| cups || (#510634, no patch) || ||
|| dhcdbd || (#510791, no patch, bare send_interfaces, superfluous default section) || ||
|| dnsmasq || (#510649, patch via upstream bug report) || ||
|| galago-daemon || (#511146, request to remove system bus policy file) || ||
|| network-manager || (#510729, no patch) ||
|| network-manager-gnome || (#510728, no patch) ||
|| network-manager-kde || (#510757, no patch) ||
|| network-manager-openvpn|| (#510730, no patch) ||
|| network-manager-pptp || (#510732, no patch) ||
|| network-manager-vpnc || (#510735, no patch) ||
|| pathfinderd || (#510696, no patch, remove bare send_interfaces and default section) ||
|| powersaved || (#510633, patch seems ok, move introspection in default section!) ||
|| system-config-printer || (#510756, no patch, superfluous default section, remove send_interface) ||
|| wpasupplicant || (#510652, patch, denials with NM 0.7) ||
|| yum || (#510659, no patch, remove bare send_interfaces, default section) ||
|| cups || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510634|#510634]], no patch ||
|| dhcdbd || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510791|#510791]], no patch, bare send_interfaces, superfluous default section ||
|| galago-daemon || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511146|#511146]], request to remove system bus policy file ||
|| pathfinderd || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510696|#510696]], no patch, remove bare send_interfaces and default section ||
|| system-config-printer || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510756|#510756]], no patch, superfluous default section, remove send_interface ||
|| wpasupplicant || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510652|#510652]], patch, denials with NM 0.7 ||
|| yum || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510659|#510659]], no patch, remove bare send_interfaces, default section ||
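Review bot: the removed powersaved row said "patch seems ok, move introspection in default section!" and the removed dnsmasq row said "patch via upstream bug report", but both packages reappear in the fixed table with only a version number. Note in the fixed table whether the introspection rule was moved in 0.15.20-5, since otherwise that review finding is lost from the page.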
Line 59: Line 59:
|| gconf-defaults-service || (from experimental, bare send_interfaceS) ||
|| gnome-applets-data || (from experimental, bare send_interfaceS) ||
|| gnome-panel-data || (from experimental, bare send_interfaceS) ||
|| gpe-bluetooth || (no bug report filed) ||
|| kerneloops || (
completely broken, file extension does not even end with .conf) ||
|| libgksu-polkit0 || (looks mostly ok) ||
|| libpam-dbus || (
not sure, allow everyone to own the name) ||
|| mumble-server || (looks ok) ||
|| osso-gwconnect || (bare send_interfaceS, needs review) ||
|| setroubleshoot || (bare send_interfaceS, needs review) ||
|| wicd || (
bare send_interfaceS, needs review, allows everyone to configure the network?) ||
|| gconf-defaults-service || from experimental, bare send_interfaceS ||
|| gnome-applets-data || from experimental, bare send_interfaceS ||
|| gnome-panel-data || from experimental, bare send_interfaceS ||
|| gpe-bluetooth || no bug report filed ||
|| kerneloops ||
completely broken, file extension does not even end with .conf ||
|| libgksu-polkit0 || looks mostly ok ||
|| libpam-dbus ||
not sure, allow everyone to own the name ||
|| mumble-server || looks ok ||
|| osso-gwconnect || bare send_interfaceS, needs review ||
|| setroubleshoot || bare send_interfaceS, needs review ||
|| wicd ||
bare send_interfaceS, needs review, allows everyone to configure the network? ||

This page tracks the changes needed to fix D-Bus deny-by-default.

"Release candidate" of dbus source and i386 binaries for testing

http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=CVE-2008-4311

(some of these may be non-RC)

fd.o #18961

Bugs which are probably not RC, related to fd.o #18961:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=fdo-18961

Otherwise broken

libosso, osso-gwconnect (RM requested)

NM-0.7: http://bugzilla.gnome.org/show_bug.cgi?id=565008

dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441: Fix in dbus-glib 0.80-1 (from experimental)

Complete list of affected packages

Fixed packages

|| bluemon || #510628, fixed in 1.4-5, looks ok ||
|| bluez-utils || #510644, fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture ||
|| consolekit || #510645, fixed in 0.2.10-4, looks ok ||
|| hal || #510639, fixed in 0.5.11-7, mostly ok, cleanup default section ||
|| odccm || #510788, fixed in 0.11.1-4, looks mostly ok, restrict to interfaces? ||
|| policykit || #510646, fixed in 0.9-2, looks ok ||
|| pommed || #510700, fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone? ||
|| smart-notifier || #510709, fixed in 0.28-1.1, looks ok, strict ||
|| sugar || #510657, fixed in 0.82.8-3, looks ok ||
|| system-tools-backends || #510744, fixed in 2.6.0-2lenny1, looks ok, too strict? ||
|| dnsmasq || #510649, fixed in 2.47-1 ||
|| powersaved || #510633, fixed in 0.15.20-5 ||
|| network-manager-kde || #510757, fixed in 1:0.7~~svn908338-2 ||
|| network-manager-openvpn || #510730, fixed in 0.7.0-2 ||
|| network-manager-pptp || #510732, fixed in 0.7.0-2 ||
|| network-manager-vpnc || #510735, fixed in 0.7.0-2 ||
|| network-manager-gnome || #510728, fixed in 0.7.0-2 ||
|| avahi-daemon || #510653, fixed in 0.6.24-2 ||
|| network-manager || #510729, fixed in 0.7.0.97-1 ||

Packages with bug report not yet fixed

|| cups || #510634, no patch ||
|| dhcdbd || #510791, no patch, bare send_interfaces, superfluous default section ||
|| galago-daemon || #511146, request to remove system bus policy file ||
|| pathfinderd || #510696, no patch, remove bare send_interfaces and default section ||
|| system-config-printer || #510756, no patch, superfluous default section, remove send_interface ||
|| wpasupplicant || #510652, patch, denials with NM 0.7 ||
|| yum || #510659, no patch, remove bare send_interfaces, default section ||

Packages without a bug report

|| gconf-defaults-service || from experimental, bare send_interfaceS ||
|| gnome-applets-data || from experimental, bare send_interfaceS ||
|| gnome-panel-data || from experimental, bare send_interfaceS ||
|| gpe-bluetooth || no bug report filed ||
|| kerneloops || completely broken, file extension does not even end with .conf ||
|| libgksu-polkit0 || looks mostly ok ||
|| libpam-dbus || not sure, allow everyone to own the name ||
|| mumble-server || looks ok ||
|| osso-gwconnect || bare send_interfaceS, needs review ||
|| setroubleshoot || bare send_interfaceS, needs review ||
|| wicd || bare send_interfaceS, needs review, allows everyone to configure the network? ||