Opened 5 years ago

Closed 5 years ago

#961 closed task (fixed)

D-Bus 1.8.4 Announce with security fix

Reported by: William Harrington Owned by: clfs-commits@…
Priority: critical Milestone: CLFS Standard 3.0
Component: BOOK Version: CLFS Sysroot GIT
Keywords: Cc: berzerkula@…, jonathan@…

Description

http://comments.gmane.org/gmane.comp.freedesktop.dbus/15817

We need to upgrade this during our package freeze. It is a critical fix.

Security fix:

  • Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate. (CVE-2014-3477, fd.o #78979)

http://seclists.org/oss-sec/2014/q2/509

Change History (1)

comment:1 Changed 5 years ago by William Harrington

Resolution: fixed
Status: newclosed

Upgraded to 1.8.4.

commit c7ce049070e0aa43ae7e6ddbcbb91ac08eae727e fixes this.

Last edited 5 years ago by William Harrington (previous) (diff)
Note: See TracTickets for help on using tickets.