Reporting D-Bus security issues

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Sep 25 08:51:05 PDT 2014


Hello,
With some help from the freedesktop.org sysadmins, I've set up a more
formal contact address for non-public (embargoed) security issues in D-Bus.

To report a security issue, please either send email to the new
dbus-security at lists.freedesktop.org address, or open a freedesktop.org
bug in the 'dbus' product and check the box to restrict it to "D-BUS
security group -- upstream and vendors".

Specifically, the scope of these contacts is:
* general security issues with the D-Bus protocol itself
* the reference implementation (dbus, libdbus, dbus-daemon)
* the deprecated dbus-glib binding

I would be happy to add maintainers of other major/security-sensitive
D-Bus implementations (particularly GDBus and sd-bus) and extend its
scope to those, if desired. Similarly, if you are the D-Bus maintainer
in a major distribution (same criteria as distros at vs.openwall.org), let
us know.

Regards,
    S


More information about the dbus mailing list