CVE-2012-3524 patch review

Colin Walters walters at
Mon Sep 24 09:48:21 PDT 2012

So this patch has been shipped by a few vendors now:

Sorry about the way this issue bounced around.  I eventually changed my
mind on this issue, and came to believe it makes a lot of sense to
mitigate the issue as much as possible in libdbus.  This is even more
true now that we know there's a possible vector via pam_systemd.

Let's get this upstream, so please review!

More information about the dbus mailing list