summaryrefslogtreecommitdiff
path: root/NEWS
blob: be5c01448d998e7b3fce410660b1d032e26eca3c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
D-Bus 1.2.28 (UNRELEASED)
==

• Byte-swap foreign-endian messages correctly, preventing a long-standing
  local DoS if foreign-endian messages are relayed through the dbus-daemon
  (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)

• Use AC_TRY_COMPILE in configure to avoid a symlink attack in /tmp
  during compilation

D-Bus 1.2.26 (21 December 2010)
==

• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
  crash the bus. The existing restriction to 64-levels of nesting previously
  only applied to the static type signature; now it also applies to dynamic
  nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
  issue.
• Corrected thread problem causing some calls to hang for 25s
• Enable address reuse on TCP sockets
• Fix use of $servicename in init script