diff -Nru language-selector-0.79.3/dbus_backend/ls-dbus-backend language-selector-0.79.4/dbus_backend/ls-dbus-backend
--- language-selector-0.79.3/dbus_backend/ls-dbus-backend 2012-03-27 06:01:34.000000000 +0000
+++ language-selector-0.79.4/dbus_backend/ls-dbus-backend 2013-09-13 16:37:35.000000000 +0000
@@ -32,15 +32,8 @@
 "/org/freedesktop/PolicyKit1/Authority",
 "org.freedesktop.PolicyKit1.Authority")
 policykit = dbus.Interface(obj, "org.freedesktop.PolicyKit1.Authority")
- info = dbus.Interface(connection.get_object('org.freedesktop.DBus',
- '/org/freedesktop/DBus/Bus',
- False),
- 'org.freedesktop.DBus')
- pid = info.GetConnectionUnixProcessID(sender)
- subject = ('unix-process',
- { 'pid' : dbus.UInt32(pid, variant_level=1),
- 'start-time' : dbus.UInt64(0),
- }
+ subject = ('system-bus-name',
+ { 'name': dbus.String(sender, variant_level = 1) }
 )
 details = { '' : '' }
 flags = dbus.UInt32(1) # AllowUserInteraction = 0x00000001
diff -Nru language-selector-0.79.3/dbus_backend/lsd.py language-selector-0.79.4/dbus_backend/lsd.py
--- language-selector-0.79.3/dbus_backend/lsd.py 2012-03-27 06:01:34.000000000 +0000
+++ language-selector-0.79.4/dbus_backend/lsd.py 2013-09-13 16:37:35.000000000 +0000
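Review bot: The new `subject = ('system-bus-name', ...)` tuple in dbus_backend/ls-dbus-backend carries no comment saying why the caller is identified by bus name, so a later cleanup could reintroduce the pid-based subject that this release's changelog ties to CVE-2013-1066. I would add above it `# Identify the caller by its unique bus name so polkit resolves the credentials itself; a pid-based 'unix-process' subject is racy (CVE-2013-1066).` The check is only as strong as `sender`: it should be the unique connection name supplied by the bus (in dbus-python, via `sender_keyword`), and where it comes from is not visible here because the enclosing function starts and ends outside the hunk. The identical hunk in dbus_backend/lsd.py needs the same comment.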
@@ -32,15 +32,8 @@
 "/org/freedesktop/PolicyKit1/Authority",
 "org.freedesktop.PolicyKit1.Authority")
 policykit = dbus.Interface(obj, "org.freedesktop.PolicyKit1.Authority")
- info = dbus.Interface(connection.get_object('org.freedesktop.DBus',
- '/org/freedesktop/DBus/Bus',
- False),
- 'org.freedesktop.DBus')
- pid = info.GetConnectionUnixProcessID(sender)
- subject = ('unix-process',
- { 'pid' : dbus.UInt32(pid, variant_level=1),
- 'start-time' : dbus.UInt64(0),
- }
+ subject = ('system-bus-name',
+ { 'name': dbus.String(sender, variant_level = 1) }
 )
 details = { '' : '' }
 flags = dbus.UInt32(1) # AllowUserInteraction = 0x00000001
diff -Nru language-selector-0.79.3/debian/changelog language-selector-0.79.4/debian/changelog
--- language-selector-0.79.3/debian/changelog 2013-04-09 12:11:25.000000000 +0000
+++ language-selector-0.79.4/debian/changelog 2013-09-13 16:37:51.000000000 +0000
@@ -1,3 +1,14 @@
+language-selector (0.79.4) precise-security; urgency=low
+
+ * SECURITY UPDATE: possible privilege escalation via policykit UID lookup
+ race.
+ - dbus_backend/ls-dbus-backend: pass system-bus-name as a subject
+ instead of pid so policykit can get the information from the system
+ bus.
+ - CVE-2013-1066
+
+ -- Marc Deslauriers Fri, 13 Sep 2013 12:35:48 -0400
+
 language-selector (0.79.3) precise-proposed; urgency=low
 
 * language_support_pkgs.py: