lp://staging/~ubuntu-core-dev/language-selector/maverick
- Get this branch:
- bzr branch lp://staging/~ubuntu-core-dev/language-selector/maverick
Branch merges
Related source package recipes
Related bugs
| Bug #764397: Polkit authentification can be bypassed | High | Fix Released |
|
Related blueprints
Branch information
Recent revisions
- 393. By Martin Pitt
-
* SECURITY UPDATE: language selector backend did not verify policy kit
authentication.
- debian/language- selector- common. postinst: shut down old backend.
- CVE-2011-0729 - 390. By Martin Pitt
-
dbus_backend/
ls-dbus- backend: Reject locale names with invalid characters
in it, to further prevent injecting shell code into /etc/default/locale
for authenticated users. Thanks to Felix Geyer for the initial patch!
(LP: #764397) - 389. By Martin Pitt
-
dbus_backend/
ls-dbus- backend: Actually look at the PolicyKit check result
and only proceed if it succeeded. Thanks to Romain Perier for finding this
and providing the patch! This fixes a local root privilege escalation, as
this allows any authenticated user to write arbitrary shell commands into
/etc/default/locale. (LP: #764397) - 386. By Martin Pitt
-
debian/rules: Disable pkgbinarymangler, to keep translations in the
package. In Natty this blacklisting will happen in the pkgbinarymangler
package (so that the programs other than pkgstriptranslations will still
apply), but this is a less invasive shortcut for Maverick. (LP: #654548)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/language-selector
Ubuntu Core Devel...
