[ANNOUNCE] D-Bus 1.4.1 (fixing CVE-2010-4352)
Brian Cameron
brian.cameron at oracle.com
Mon Dec 20 16:37:20 PST 2010
If this problem affects D-Bus 1.2, then will it be possible for a new
1.2 release with the fix for this security issue?
Thanks!
Brian
On 12/20/10 06:35 PM, Rémi Denis-Courmont wrote:
> Hello,
>
> On Tuesday 21 December 2010, Brian Cameron wrote:
>> I assume the CVE-2010-4352 issue does not affect D-Bus 1.2 since no
>> mention is made. Can you confirm?
>
> At least the Debian's D-Bus 1.2.24 is affected according to my own testing. I
> assume all D-Bus versions are affected.
>
> I can send you the PoC privately if you wish.
>
More information about the dbus
mailing list