blob: 75d60e487f514454d5c41b8f05680e1c89bebb84 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
D-Bus 1.2.32 (UNRELEASED)
==
• ...
D-Bus 1.2.30 (2012-10-04)
==
• CVE-2012-3524: Don't access environment variables while setuid (fd.o #52202)
This change corresponds to those in D-Bus 1.6.8 and 1.4.24.
D-Bus 1.2.28 (2011-06-10)
==
• Byte-swap foreign-endian messages correctly, preventing a long-standing
local DoS if foreign-endian messages are relayed through the dbus-daemon
(CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie)
• Use AC_TRY_COMPILE in configure to avoid a symlink attack in /tmp
during compilation
D-Bus 1.2.26 (21 December 2010)
==
• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
crash the bus. The existing restriction to 64-levels of nesting previously
only applied to the static type signature; now it also applies to dynamic
nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
issue.
• Corrected thread problem causing some calls to hang for 25s
• Enable address reuse on TCP sockets
• Fix use of $servicename in init script
|