Opened 8 years ago

Closed 8 years ago

#5163 closed enhancement (fixed)

dbus-1.8.4

Reported by: Fernando de Oliveira Owned by: Fernando de Oliveira
Priority: normal Milestone: 7.6
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

http://dbus.freedesktop.org/releases/dbus/dbus-1.8.4.tar.gz

http://cgit.freedesktop.org/dbus/dbus/plain/NEWS?h=dbus-1.8

...
D-Bus 1.8.4 (2014-06-10)
==

Security fix:

• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service
  flaw in dbus-daemon, part of the reference implementation of D-Bus.
  Additionally, in highly unusual environments the same flaw could lead to
  a side channel between processes that should not be able to communicate.
  (CVE-2014-3477, fd.o #78979)
...

Change History (2)

comment:1 by Fernando de Oliveira, 8 years ago

Owner: changed from blfs-book@… to Fernando de Oliveira
Status: newassigned

Needs an sed for a upstream fix:

dbus-launch: kill bus if we can't attach to a session when requested

comment:2 by Fernando de Oliveira, 8 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r13224.

Note: See TracTickets for help on using tickets.