Announcing dbus 1.6.20

Simon McVittie simon.mcvittie at
Tue Jun 10 10:34:09 PDT 2014

This is a security release for the old-stable branch. Upgrading to 1.8.4
instead is recommended, but if you need to use 1.6.x:
git tag: dbus-1.6.20
new git branch: dbus-1.6

Security fix backported from 1.8.4:

• Alban Crequy at Collabora Ltd. discovered and fixed a
  denial-of-service flaw in dbus-daemon, part of the reference
  implementation of D-Bus. Additionally, in highly unusual environments
  the same flaw could lead to a side channel between processes that
  should not be able to communicate. (CVE-2014-3477, fd.o #78979)

Other bug fixes new to this branch, previously fixed in 1.7.x and 1.8.0:

• don't leak memory on out-of-memory while listing activatable or
  active services (fd.o #71526, Radoslaw Pajak)

• fix undefined behaviour in a regression test (fd.o #69924, DreamNik)
