summaryrefslogtreecommitdiff
path: root/NEWS
blob: 15c0c43c4961d787767a23f3ace5c1606dbf88be (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
D-Bus 1.2.30 (UNRELEASED)
==

D-Bus 1.2.28 (2011-06-10)
==

• Byte-swap foreign-endian messages correctly, preventing a long-standing
  local DoS if foreign-endian messages are relayed through the dbus-daemon
  (CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie)

• Use AC_TRY_COMPILE in configure to avoid a symlink attack in /tmp
  during compilation

D-Bus 1.2.26 (21 December 2010)
==

• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
  crash the bus. The existing restriction to 64-levels of nesting previously
  only applied to the static type signature; now it also applies to dynamic
  nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
  issue.
• Corrected thread problem causing some calls to hang for 25s
• Enable address reuse on TCP sockets
• Fix use of $servicename in init script