Opened 11 years ago
Closed 11 years ago
#5163 closed enhancement (fixed)
dbus-1.8.4
| Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
|---|---|---|---|
| Priority: | normal | Milestone: | 7.6 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.4.tar.gz
http://cgit.freedesktop.org/dbus/dbus/plain/NEWS?h=dbus-1.8
... D-Bus 1.8.4 (2014-06-10) == Security fix: • Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate. (CVE-2014-3477, fd.o #78979) ...
Note:
See TracTickets
for help on using tickets.
Needs an sed for a upstream fix:
dbus-launch: kill bus if we can't attach to a session when requested