dbus-1.6.8
Colin Walters
walters at verbum.org
Fri Sep 28 14:54:42 PDT 2012
On Fri, 2012-09-28 at 16:28 -0400, Colin Walters wrote:
> http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=1cad15cc272446ade9987840642aa6730ebe92be
> http://dbus.freedesktop.org/releases/dbus/
Also, for anyone who is confused by all of this - I believe the original
patch here is sufficient to prevent all escalation vectors I am aware
of:
https://bugs.freedesktop.org/attachment.cgi?id=67345
The subsequent patches fixed one regression that only affected one
non-public application that we're aware of:
https://bugs.freedesktop.org/attachment.cgi?id=67810
...and attempted to further harden, but this turned out to create
a different regression, so what's ultimately in 1.6.8 is the original
patch, plus a relatively minor patch.
In other words, if you already shipped the original patch, we believe
you likely don't need to do another update.
More information about the dbus
mailing list