Announcing dbus 1.13.12

Dorian ROSSE dorianbrice at hotmail.fr
Tue Jun 11 18:35:25 UTC 2019


Hello,


I am running this dbus :

Traitement des actions différées (« triggers ») pour dbus (1.12.2-1ubuntu1) ...

Why too much older ?

Thank you in advance to explain why I run this too much older dbus,

Regards.


Dorian ROSSE.



Provenance : Courrier<https://go.microsoft.com/fwlink/?LinkId=550986> pour Windows 10



________________________________
De : dbus <dbus-bounces at lists.freedesktop.org> de la part de Simon McVittie <smcv at collabora.com>
Envoyé : Tuesday, June 11, 2019 5:05:14 PM
À : dbus at lists.freedesktop.org
Objet : Announcing dbus 1.13.12

This is a development branch for the adventurous, and comes with a risk
of regressions. OS distributions should stay with the 1.12.x branch,
unless they can commit to following the 1.13.x branch until it reaches
a 1.14.0 stable release at an unspecified point in the future.

This version incorporates the same security fix as the 1.12.16 stable
release.

<http://dbus.freedesktop.org/releases/dbus/dbus-1.13.12.tar.xz>
<http://dbus.freedesktop.org/releases/dbus/dbus-1.13.12.tar.xz.asc>
git tag: dbus-1.13.12

The “patio squirrel” release.

Security fixes:

• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
  authentication for identities that differ from the user running the
  DBusServer. Previously, a local attacker could manipulate symbolic
  links in their own home directory to bypass authentication and connect
  to a DBusServer with elevated privileges. The standard system and
  session dbus-daemons in their default configuration were immune to this
  attack because they did not allow DBUS_COOKIE_SHA1, but third-party
  users of DBusServer such as Upstart could be vulnerable.
  Thanks to Joe Vennix of Apple Information Security.
  (dbus#269, Simon McVittie)

Enhancements:

• dbus-daemon <allow> and <deny> rules can now specify a
  send_destination_prefix attribute, which is like a combination of
  send_destination and the arg0namespace keyword in match rules: a rule
  with send_destination_prefix="com.example.Foo" matches messages sent to
  any destination that is in the queue to own well-known names like
  com.example.Foo or com.example.Foo.A.B (but not com.example.Foobar).
  (dbus!85, Adrian Szyndela)

--
Simon McVittie, Collabora Ltd.
on behalf of the dbus maintainers
_______________________________________________
dbus mailing list
dbus at lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dbus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/dbus/attachments/20190611/d14dcb9a/attachment-0001.html>


More information about the dbus mailing list