Announcing dbus 1.4.26

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Jun 13 04:54:22 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The “tiny pottery tortoise” release.

This is a stable-branch release fixing a security vulnerability. You
should upgrade; preferably to 1.6.x, but failing that, to this.

http://dbus.freedesktop.org/releases/dbus/dbus-1.4.26.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.4.26.tar.gz.asc

Fixes:

• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
  of service for system services. Vulnerability reported by Alexandru
  Cornea. (Simon)

• In the activation helper, when compiled for tests, do not reset the
  system bus address, fixing the regression tests. (fd.o #52202, Simon)

• Don't leak temporary fds pointing to /dev/null (fd.o #56927, Michel
  HERMIER)
-----BEGIN PGP SIGNATURE-----

iQIVAwUBUbmy7k3o/ypjx8yQAQj5rg//ZjCjhblMfjgvyvlq6Lud1HXlISCnG3kJ
st2VVq/m6RtE03CjC3JN33lR6V8eEVPTQorYx3LBCJ3L44A2ekGKuhItfbeaZ4OA
PgEiqmEtuJReeC7V5C3PgARLvqWVikvZ9u0kxAH6Sss+MGS7X4aDklbL9pfyYhss
fsGgfD7obGmWAGmLU/X0LLqGG5T81nktxy8JL1xyKgXX9DCKslNCqo5qqu6z3hD1
waLmTTu7GtAWkLzlsP4vsXHINEp6rXUXVkn+670xTneU5rWeICaC6YtbiRKaca4M
RjAg/Of5LkhoxruZnKb90rMEZ9P2k3PVIUsx2aT5WrG7Y2GXVr24DQHCksmTEYJI
BjLOWPIdiXoJSNITSVicZG8wfiiN3Uw+UjQbgSbOrXsSGsjFE/Qa6B7KxYrZTu3t
1Xfo0LmFF/uFcqDAE6jY+1N2DTp+VQMyR2VfBQN2eTR2mQXNd9TxIbFC4tLPWAgi
iQ4O4s5Kerf3GmeSNKkLXtRRRaECrHVvnf7f3Ok+IPtyxQR5WpzqZl3LiIyl5oT2
0tiCYwVc6kkpz2gKOEGAx9RP9r4Fsv9XxzKfG+lLInYxF/JlYX7oJShjeS1NkxW7
95R6OklNOTvglmCWAQTN+TwGvcw1NZju8Wz7x50QrROj6pp3pShb+zJAXKEKXHP9
qWdiNq5MxhA=
=0RKy
-----END PGP SIGNATURE-----


More information about the dbus mailing list