Size: 1697
Comment: wpasupplicant normal bug filed
|
Size: 5479
Comment: converted to 1.6 markup
|
Line 1: | Line 1: |
This page tracks the changes needed to fix D-Bus deny-by-default. | This page tracks the changes needed to fix [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503532|D-Bus deny-by-default]]. |
Line 3: | Line 3: |
== Debian bug filed == | [[http://people.debian.org/~smcv/dbus-cve-2008-4311/|"Release candidate" of dbus source and i386 binaries for testing]] |
Line 5: | Line 5: |
Bugs which block the security fix: | == Bugs related to CVE-2008-4311 == http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=CVE-2008-4311 |
Line 7: | Line 8: |
[http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&usertags=CVE-2008-4311] | (some of these may be non-RC) |
Line 9: | Line 10: |
(this tag may include a couple of bugs which should be in the list below instead) | == fd.o #18961 == Bugs which are probably not RC, related to [[http://bugs.freedesktop.org/show_bug.cgi?id=18961|fd.o #18961]]: |
Line 11: | Line 13: |
Bugs which are probably not RC, related to [http://bugs.freedesktop.org/show_bug.cgi?id=18961 fd.o #18961]: | http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=fdo-18961 |
Line 13: | Line 15: |
[http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&usertags=fdo-18961] | == Otherwise broken == libosso, osso-gwconnect (RM requested) |
Line 15: | Line 18: |
== Debian bug should be filed == | == Related bugs (not yet filed in Debian) == NM-0.7: http://bugzilla.gnome.org/show_bug.cgi?id=565008 |
Line 17: | Line 21: |
knetworkmanager ([https://bugzilla.redhat.com/show_bug.cgi?id=475468 Red Hat bug], upstream unhappy with the patch) | dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441: Fix in dbus-glib 0.80-1 (from experimental) |
Line 19: | Line 23: |
system-tools-backends (might be [http://bugzilla.gnome.org/show_bug.cgi?id=563857 "GNOME system monitor"], [https://bugzilla.redhat.com/show_bug.cgi?id=475203 system-config-services], [http://cvs.fedoraproject.org/viewvc/rpms/system-config-services/F-10/system-config-services-0.99.28-dbus.patch system-config-services], [https://bugzilla.redhat.com/show_bug.cgi?id=475524 system-config-samba]?) | == Complete list of affected packages == |
Line 21: | Line 25: |
== Might be affected, please check == | Fixed packages |
Line 23: | Line 27: |
gpe-bluetooth | || bluemon || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510628|#510628]], fixed in 1.4-5, looks ok || || bluez-utils || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510644|#510644]], fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture || || consolekit || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510645|#510645]], fixed in 0.2.10-4, looks ok || || hal || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510639|#510639]], fixed in 0.5.11-7, mostly ok, cleanup default section || || odccm || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510788|#510788]], fixed in 0.11.1-4, looks mostly ok, restrict to interfaces? || || policykit || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510646|#510646]], fixed in 0.9-2, looks ok || || pommed || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510700|#510700]], fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone? || || smart-notifier || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510709|#510709]], fixed in 0.28-1.1, looks ok, strict || || sugar || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510657|#510657]], fixed in 0.82.8-3, looks ok || || system-tools-backends || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510744|#510744]], fixed in 2.6.0-2lenny1, looks ok, too strict? 
|| || dnsmasq || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510649|#510649]], fixed in 2.47-1 || || powersaved || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510633|#510633]], fixed in 0.15.20-5 || || network-manager-kde || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510757|#510757]], fixed in 1:0.7~~svn908338-2 || || network-manager-openvpn|| [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510730|#510730]], fixed in 0.7.0-2 || || network-manager-pptp || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510732|#510732]], fixed in 0.7.0-2 || || network-manager-vpnc || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510735|#510735]], fixed in 0.7.0-2 || || network-manager-gnome || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510728|#510728]], fixed in 0.7.0-2 || || avahi-daemon || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510653|#510653]], fixed in 0.6.24-2 || || network-manager || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510729|#510729]], fixed in 0.7.0.97-1 || |
Line 25: | Line 47: |
kerneloops | Packages with bug report not yet fixed |
Line 27: | Line 49: |
mumble | || cups || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510634|#510634]], no patch || || dhcdbd || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510791|#510791]], no patch, bare send_interfaces, superfluous default section || || galago-daemon || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511146|#511146]], request to remove system bus policy file || || pathfinderd || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510696|#510696]], no patch, remove bare send_interfaces and default section || || system-config-printer || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510756|#510756]], no patch, superfluous default section, remove send_interface || || wpasupplicant || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510652|#510652]], patch, denials with NM 0.7 || || yum || [[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510659|#510659]], no patch, remove bare send_interfaces, default section || |
Line 29: | Line 57: |
network-manager | Packages without a bug report |
Line 31: | Line 59: |
network-manager-applet network-manager-openvpn network-manager-pptp network-manager-vpnc odccm pathfinder smart-notifier sugar (probably unaffected, needs a second look; related to nm-applet) system-config-printer yum == Non-RC severity == cups (mjj29) == Unaffected == galago-daemon (not on system bus) == Being dealt with == pommed (upstream and Debian maintainer fixing it) libosso, osso-gwconnect (RM requested) |
|| gconf-defaults-service || from experimental, bare send_interfaceS || || gnome-applets-data || from experimental, bare send_interfaceS || || gnome-panel-data || from experimental, bare send_interfaceS || || gpe-bluetooth || no bug report filed || || kerneloops || completely broken, file extension does not even end with .conf || || libgksu-polkit0 || looks mostly ok || || libpam-dbus || not sure, allow everyone to own the name || || mumble-server || looks ok || || osso-gwconnect || bare send_interfaceS, needs review || || setroubleshoot || bare send_interfaceS, needs review || || wicd || bare send_interfaceS, needs review, allows everyone to configure the network? || |
This page tracks the changes needed to fix D-Bus deny-by-default.
"Release candidate" of dbus source and i386 binaries for testing
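== Bugs related to CVE-2008-4311 ==
http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=CVE-2008-4311

(some of these may be non-RC)

== fd.o #18961 ==
Bugs which are probably not RC, related to fd.o #18961:

http://bugs.debian.org/cgi-bin/pkgreport.cgi?users=pkg-utopia-maintainers@lists.alioth.debian.org&tag=fdo-18961

== Otherwise broken ==
libosso, osso-gwconnect (RM requested)

== Related bugs (not yet filed in Debian) ==
NM-0.7: http://bugzilla.gnome.org/show_bug.cgi?id=565008

dbus-glib: http://bugs.freedesktop.org/show_bug.cgi?id=19441: Fix in dbus-glib 0.80-1 (from experimental)

== Complete list of affected packages ==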
Fixed packages
|| bluemon || #510628, fixed in 1.4-5, looks ok ||
|| bluez-utils || #510644, fixed in 3.36-3, seems ok, bare send_interfaces though, limitation of bluez architecture ||
|| consolekit || #510645, fixed in 0.2.10-4, looks ok ||
|| hal || #510639, fixed in 0.5.11-7, mostly ok, cleanup default section ||
|| odccm || #510788, fixed in 0.11.1-4, looks mostly ok, restrict to interfaces? ||
|| policykit || #510646, fixed in 0.9-2, looks ok ||
|| pommed || #510700, fixed in 1.25~dfsg-1, looks mostly ok, allows access to everyone? ||
|| smart-notifier || #510709, fixed in 0.28-1.1, looks ok, strict ||
|| sugar || #510657, fixed in 0.82.8-3, looks ok ||
|| system-tools-backends || #510744, fixed in 2.6.0-2lenny1, looks ok, too strict? ||
|| dnsmasq || #510649, fixed in 2.47-1 ||
|| powersaved || #510633, fixed in 0.15.20-5 ||
|| network-manager-kde || #510757, fixed in 1:0.7~~svn908338-2 ||
|| network-manager-openvpn || #510730, fixed in 0.7.0-2 ||
|| network-manager-pptp || #510732, fixed in 0.7.0-2 ||
|| network-manager-vpnc || #510735, fixed in 0.7.0-2 ||
|| network-manager-gnome || #510728, fixed in 0.7.0-2 ||
|| avahi-daemon || #510653, fixed in 0.6.24-2 ||
|| network-manager || #510729, fixed in 0.7.0.97-1 ||

Packages with bug report not yet fixed
|| cups || #510634, no patch ||
|| dhcdbd || #510791, no patch, bare send_interfaces, superfluous default section ||
|| galago-daemon || #511146, request to remove system bus policy file ||
|| pathfinderd || #510696, no patch, remove bare send_interfaces and default section ||
|| system-config-printer || #510756, no patch, superfluous default section, remove send_interface ||
|| wpasupplicant || #510652, patch, denials with NM 0.7 ||
|| yum || #510659, no patch, remove bare send_interfaces, default section ||

Packages without a bug report
|| gconf-defaults-service || from experimental, bare send_interfaceS ||
|| gnome-applets-data || from experimental, bare send_interfaceS ||
|| gnome-panel-data || from experimental, bare send_interfaceS ||
|| gpe-bluetooth || no bug report filed ||
|| kerneloops || completely broken, file extension does not even end with .conf ||
|| libgksu-polkit0 || looks mostly ok ||
|| libpam-dbus || not sure, allow everyone to own the name ||
|| mumble-server || looks ok ||
|| osso-gwconnect || bare send_interfaceS, needs review ||
|| setroubleshoot || bare send_interfaceS, needs review ||
|| wicd || bare send_interfaceS, needs review, allows everyone to configure the network? ||