Groups | Search | Server Info | Login | Register

Groups > linux.debian.announce.security > #4775

[SECURITY] [DSA 6209-1] xdg-dbus-proxy security update

From Moritz Muehlenhoff <jmm@debian.org>
Newsgroups linux.debian.announce.security
Subject [SECURITY] [DSA 6209-1] xdg-dbus-proxy security update
Date 2026-04-13 22:50 +0200
Message-ID <MJwoh-eUBI-7@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6209-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 13, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : xdg-dbus-proxy
CVE ID         : CVE-2026-34080

It was discovered that incorrect parsing of policy rules in the
xdg-dbus-proxy (a filtering proxy for D-Bus connections) allowed the
bypass of eavesdrop restrictions, which could result in information
disclosure.

For the stable distribution (trixie), this problem has been fixed in
version 0.1.6-1+deb13u1.

We recommend that you upgrade your xdg-dbus-proxy packages.

For the detailed security status of xdg-dbus-proxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xdg-dbus-proxy

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmndVDAACgkQEMKTtsN8
TjaPOg/8CHnhe62Ygsiut7Pkac6rdrgLCiqFtW0kVwMiOmdMsg6wXfAf63Bq5uaY
Ll2tMGLy45AnE2n7kPLA2Lx2rZ7N9vslHOdb+/n7IJ1Fjy3Jo1JfFXB7BSwsk06b
cMUdchBpQUhWWpQXee+ViooCjvoUU/WfJKAPlTFOsXFKr4VFnY0pRDcrpkTWNSkB
C/OblIsx0Hej39CFkN6KYFa9G5CODGa07SUXWGSKtp4+UCkBavxcG/+2N2ve78S5
l1rDgR5CJiQUjxn090/4tnBwsday2M1esxiFP9ih1lSXyaw38qoo1m7AYriWvHbO
g1Bgy7hsG6eZT3EAOW4VKALXwLKBlnlJNH5B3X/8GButN2mIvefd8Gv7nx+zabBI
HOW7Op4LG5of3g+l0r4As9oI0w/LH+VLN10R9urOQCDDN9pdu2U6dI9vg7qItBMU
S5ub00Svz7hG0qa/2IRwb9vMbjoV1PNu7V4KzXuFdDnGredZ8qBiRj9suy6tOd/r
kXj3AwMzfLTeZ/P7DKsYvAfA4agKL8qQAdyug6NlJ0BJxauPCzmVUS0ub0e0fyqx
x8IzuQSjgn5brpyqGxte3BBeVCCzmgbf9Vn+fO2IMM5qGTYRW/7bm5WnBZ9/t0Av
9Vlgp8fX26ef3wQ6W1+8oFhrweT0w/Q5lJDkqpQplKPhqRXSz04=
=r4lK
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6209-1] xdg-dbus-proxy security update Moritz Muehlenhoff <jmm@debian.org> - 2026-04-13 22:50 +0200

csiph-web