[ANNOUNCE] D-Bus 1.4.1 (fixing CVE-2010-4352)

Brian Cameron brian.cameron at oracle.com
Mon Dec 20 16:37:20 PST 2010


If this problem affects D-Bus 1.2, then will it be possible for a new
1.2 release with the fix for this security issue?

Thanks!

Brian


On 12/20/10 06:35 PM, Rémi Denis-Courmont wrote:
>     Hello,
>
> On Tuesday 21 December 2010, Brian Cameron wrote:
>> I assume the CVE-2010-4352 issue does not affect D-Bus 1.2 since no
>> mention is made.  Can you confirm?
>
> At least the Debian's D-Bus 1.2.24 is affected according to my own testing. I
> assume all D-Bus versions are affected.
>
> I can send you the PoC privately if you wish.
>



More information about the dbus mailing list