diff options
| -rw-r--r-- | NEWS | 32 | ||||
| -rw-r--r-- | configure.ac | 4 |
2 files changed, 32 insertions, 4 deletions
@@ -1,7 +1,35 @@ -dbus 1.10.30 (UNRELEASED) +dbus 1.10.x end-of-life plans == -... +The dbus 1.10.x branch was originally released in 2015. It currently +receives security-fix releases whenever necessary, but it is planned to +reach end-of-life status at the end of Debian 9's official security +support (approximately July 2020). If you are a dbus downstream +maintainer in a long-lived OS distribution and you want to use the +upstream dbus-1.10 git branch as a place to share backported security +fixes with other distributions, please contact the dbus maintainers via +the dbus-security mailing list on lists.freedesktop.org. + +dbus 1.10.30 (2020-06-02) +== + +The “centaur bus” release. + +Denial of service fixes: + +• CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + +Other fixes: + +• Fix a crash when the dbus-daemon is terminated while one or more + monitors are active (dbus#291, dbus!140; Simon McVittie) dbus 1.10.28 (2019-06-11) == diff --git a/configure.ac b/configure.ac index 0ff4f955..ee3da6a9 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [10]) -m4_define([dbus_micro_version], [29]) +m4_define([dbus_micro_version], [30]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -38,7 +38,7 @@ LT_CURRENT=17 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=16 +LT_REVISION=17 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |