[ANNOUNCE] D-Bus 1.4.1 (fixing CVE-2010-4352)
Rémi Denis-Courmont
remi at remlab.net
Mon Dec 20 16:35:35 PST 2010
Hello,
On Tuesday 21 December 2010, Brian Cameron wrote:
> I assume the CVE-2010-4352 issue does not affect D-Bus 1.2 since no
> mention is made. Can you confirm?
At least the Debian's D-Bus 1.2.24 is affected according to my own testing. I
assume all D-Bus versions are affected.
I can send you the PoC privately if you wish.
--
Rémi Denis-Courmont
http://www.remlab.net/
More information about the dbus
mailing list