buildroot/package/dbus/dbus.hash at b406bef7c6b3ed56ad9f21d0ba9a4a4aca87e2b9 - deepcrayon/buildroot - SpaceCruft!

deepcrayon/buildroot

Peter Korsgaard 992b106d1d package/dbus: security bump to version 1.12.16

Fixes the following security issues:

- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
  authentication for identities that differ from the user running the
  DBusServer.  Previously, a local attacker could manipulate symbolic links
  in their own home directory to bypass authentication and connect to a
  DBusServer with elevated privileges.  The standard system and session
  dbus-daemons in their default configuration were immune to this attack
  because they did not allow DBUS_COOKIE_SHA1, but third-party users of
  DBusServer such as Upstart could be vulnerable.  Thanks to Joe Vennix of
  Apple Information Security.

  For details, see the advisory:
  https://www.openwall.com/lists/oss-security/2019/06/11/2

Also contains a number of other smaller fixes, including fixes for memory
leaks.  For details, see NEWS:

https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

2019-06-13 21:12:11 +02:00

7 lines

367 B

Plaintext

Raw Blame History

 # Locally calculated after checking pgp signature
 # https://dbus.freedesktop.org/releases/dbus/dbus-1.12.16.tar.gz.asc
 # using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
 sha256	54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80  dbus-1.12.16.tar.gz
 # Locally calculated
 sha256	0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1  COPYING