diff -Nru accountsservice-0.6.40/debian/changelog accountsservice-0.6.40/debian/changelog --- accountsservice-0.6.40/debian/changelog 2020-10-26 13:07:31.000000000 +0000 +++ accountsservice-0.6.40/debian/changelog 2020-11-02 17:11:26.000000000 +0000 @@ -1,16 +1,18 @@ -accountsservice (0.6.40-2ubuntu11.5) xenial-security; urgency=medium +accountsservice (0.6.40-2ubuntu11.6) xenial-security; urgency=medium * SECURITY UPDATE: accountsservice drop privileges SIGSTOP DoS (LP: #1900255) - debian/patches/0010-set-language.patch: updated to not drop real uid and real gid in user_drop_privileges_to_user. + - debian/patches/0009-language-tools.patch: updated to not reset + effective uid. - CVE-2020-16126 * SECURITY UPDATE: directory traversal issue - debian/patches/CVE-2018-14036.patch: fix insufficient path prefix check in src/user.c. - CVE-2018-14036 - -- Marc Deslauriers Mon, 26 Oct 2020 09:06:34 -0400 + -- Marc Deslauriers Mon, 02 Nov 2020 12:10:06 -0500 accountsservice (0.6.40-2ubuntu11.3) xenial; urgency=medium diff -Nru accountsservice-0.6.40/debian/patches/0009-language-tools.patch accountsservice-0.6.40/debian/patches/0009-language-tools.patch --- accountsservice-0.6.40/debian/patches/0009-language-tools.patch 2016-08-26 01:27:44.000000000 +0000 +++ accountsservice-0.6.40/debian/patches/0009-language-tools.patch 2020-11-02 17:10:01.000000000 +0000 @@ -1,5 +1,6 @@ Description: Help files for dealing with language/locale settings. Author: Gunnar Hjalmarsson +Updated: 2020-11-02 Index: accountsservice-0.6.40/configure.ac =================================================================== @@ -18,7 +19,7 @@ --- /dev/null +++ accountsservice-0.6.40/data/langtools/language2locale @@ -0,0 +1,70 @@ -+#!/bin/sh -e ++#!/bin/sh -pe +# +# - takes the first choice language in the LANGUAGE priority list as argument +# - outputs locale name corresponding to that language @@ -177,7 +178,7 @@ --- /dev/null +++ accountsservice-0.6.40/data/langtools/language-validate @@ -0,0 +1,82 @@ -+#!/bin/sh -e ++#!/bin/sh -pe + +lang=$1 +validated_language= @@ -264,7 +265,7 @@ --- /dev/null +++ accountsservice-0.6.40/data/langtools/locale2papersize @@ -0,0 +1,18 @@ -+#!/bin/sh -e ++#!/bin/sh -pe +# +# locale2papersize outputs the paper size "a4" or "letter" based on +# the height and width in the locale that is passed as an argument. @@ -342,7 +343,7 @@ --- /dev/null +++ accountsservice-0.6.40/data/langtools/save-to-pam-env @@ -0,0 +1,40 @@ -+#!/bin/sh -e ++#!/bin/sh -pe +# +# updates the ~/.pam_environment config file + @@ -387,7 +388,7 @@ --- /dev/null +++ accountsservice-0.6.40/data/langtools/set-language-helper @@ -0,0 +1,27 @@ -+#!/bin/sh -e ++#!/bin/sh -pe + +homedir=$1 +language=$2 @@ -419,7 +420,7 @@ --- /dev/null +++ accountsservice-0.6.40/data/langtools/update-langlist @@ -0,0 +1,48 @@ -+#!/bin/sh -e ++#!/bin/sh -pe +# +# update-langlist maintains the LANGUAGE priority list. It does so in +# a simplified manner, unlike the UI in language-selector-gnome for