[ANNOUNCE] D-Bus 1.4.1 (fixing CVE-2010-4352)

Rémi Denis-Courmont remi at remlab.net
Mon Dec 20 16:35:35 PST 2010


On Tuesday 21 December 2010, Brian Cameron wrote:
> I assume the CVE-2010-4352 issue does not affect D-Bus 1.2 since no
> mention is made.  Can you confirm?

At least the Debian's D-Bus 1.2.24 is affected according to my own testing. I 
assume all D-Bus versions are affected.

I can send you the PoC privately if you wish.

Rémi Denis-Courmont

More information about the dbus mailing list