Announcing dbus 1.6.20
Simon McVittie
simon.mcvittie at collabora.co.uk
Tue Jun 10 10:34:09 PDT 2014
This is a security release for the old-stable branch. Upgrading to 1.8.4
instead is recommended, but if you need to use 1.6.x:
http://dbus.freedesktop.org/releases/dbus/dbus-1.6.20.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.6.20.tar.gz.asc
git tag: dbus-1.6.20
new git branch: dbus-1.6
Security fix backported from 1.8.4:
• Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus. Additionally, in highly unusual environments
the same flaw could lead to a side channel between processes that
should not be able to communicate. (CVE-2014-3477, fd.o #78979)
Other bug fixes new to this branch, previously fixed in 1.7.x and 1.8.0:
• don't leak memory on out-of-memory while listing activatable or
active services (fd.o #71526, Radoslaw Pajak)
• fix undefined behaviour in a regression test (fd.o #69924, DreamNik)
More information about the dbus
mailing list