dbus-1.2.14 and dbus-1.2.4.6permissive

Colin Walters walters at verbum.org
Wed May 6 14:06:46 PDT 2009 

New releases of dbus are available.

This release is a followup for an incorrect fix for a previous
security issue (CVE-2008-3834).  The CVE assigned to this release is
CVE-2009-1189, though no exploits are known at this time.  In this
release, the "permissive" stream is only getting the security fix,
while the primary one has other enhancements.

http://dbus.freedesktop.org/releases/dbus/dbus-1.2.14.tar.gz

http://dbus.freedesktop.org/releases/dbus/dbus-1.2.4.6permissive.tar.gz

Changes in 1.2.14:

    * Bug 17803 - Fix both test case and validation logic [CVE-2009-1189]
    * Bug 19567 - Make marshaling code usable without DBusConnection

      And a small number of other fixes, for more details see the git log.

Contributors to this release: Federico Mena Quintero, Eamon Walsh,
Colin Walters, Tomas Hoger, Marc Mutz, Xan Lopez, Johan Gyllenspetz.

Changes in 1.2.4.6permissive:

    * Bug 17803 - Fix both test case and validation logic [CVE-2009-1189]

The following is the git log for 1.2.14:

commit f76d17437ee95bb2621cb55c79707b9f01dcf89a
Author: Colin Walters <walters at verbum.org>

    Release 1.2.14

commit b38c433bf713324b5d17eae626e8c7404bcb6554
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>

    libselinux behavior in permissive mode wrt invalid domains

commit 73ec6964d7a14eba3ec7118041e48e0a21438e52
Author: Federico Mena Quintero <federico at novell.com>

    bfo20738 - Return a useful error message from dbus_signature_validate()

commit 0f19140b527ee946dd368dde9314c5c5e9d24177
Author: Federico Mena Quintero <federico at novell.com>

    bfo20738 - Translate DBusValidity into error message

commit 0cf4583b5a4772b9c2a381ce78f6e3a3afcf705d
Author: William Lachance <wrlach at gmail.com>

    Bug 19567 - Make marshaling code usable without DBusConnection

commit 86df8ad59229bc511689e0e1d431a5cf246685db
Author: Colin Walters <walters at verbum.org>

    Followup Bug 19502 - Don't attempt to init va_list, not portable

commit eb3b99e7c610988823804f5e6c92aa13459605c7
Author: Kjartan Maraas <kmaraas at gnome.org>

    Bug 19502 - Sparse warning cleanups

commit da75989b3918508058ed056ae9e2092e14023ebc
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>

    dbus-launch: use InputOnly X window

commit 5b4ee5fb40269afaa106b55dd4755125c2f9107a
Author: Johan Gyllenspetz <johangy at axis.com>

    Bug 20494 - Fix signed confusion for dbus_message_get_reply_serial return

commit 15f518301605ed748fbcecdf5e38d0a5ef982c3b
Author: Colin Walters <walters at verbum.org>

    Bug 20137 - Fix alignment usage when demarshaling basics

commit a709566edd8358ba431b7427a1530a7db0d1832d
Author: Colin Walters <walters at verbum.org>

    Always append closing quote in log command

commit b5a1f3c54a48ea3079622b0ec3023c79b95ed135
Author: Colin Walters <walters at verbum.org>

    Bug 17803 - Fix both test case and validation logic

commit b2f943e9c0d5ae1d6293d418b0c0b2a03799bb84
Author: Marc Mutz <marc at kdab.net>

    configure.in: fix help string alignment

commit 5a3907f28f963e05682bb29019774bf5843ab1ee
Author: Xan Lopez <xan at gnome.org>

    Fix typo in docs.

commit c30270f18255b9fc503b3fdfc5e3c4f01d8888f7
Author: Colin Walters <walters at verbum.org>

    Bump for unstable cycle

More information about the dbus mailing list