author | Simon McVittie <smcv@debian.org> | 2015-02-04 20:14:36 +0000 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2015-02-04 20:14:36 +0000 |
commit | 08e702f5a938b7ec81044f599f03de0a3ad3fce8 (patch) | |
tree | e1720ac81a56f8994f99ff7b57b18ce9d2f7458c /NEWS | |
parent | 9f7037805b3f6564710f92d8be80f1953b544884 (diff) | |
download | dbus-ea9976f78abe5865eae9c6c0c920bb51afb71297.tar.gz |
Imported Upstream version 1.8.16 (refs: upstream/1.8.16, upstream)
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -1,3 +1,28 @@ +D-Bus 1.8.16 (2015-02-09) +== + +The “poorly concealed wrestlers” release. + +Security fixes: + +• Do not allow non-uid-0 processes to send forged ActivationFailure + messages. On Linux systems with systemd activation, this would + allow a local denial of service: unprivileged processes could + flood the bus with these forged messages, winning the race with + the actual service activation and causing an error reply + to be sent back when service auto-activation was requested. + This does not prevent the real service from being started, + so it only works while the real service is not running. + (CVE-2015-0245, fd.o #88811; Simon McVittie) + +Other fixes: + +• fix a Windows build failure (fd.o #88009, Ralf Habacker) + +• on Windows, allow up to 8K connections to the dbus-daemon instead of the + previous 64, completing a previous fix which only worked under + Autotools (fd.o #71297, Ralf Habacker) + D-Bus 1.8.14 (2015-01-05) == |
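Review bot: In the CVE-2015-0245 entry, the closing sentence "so it only works while the real service is not running" leaves "it" without a clear antecedent, since the preceding "This does not prevent the real service from being started" could be read as referring to either the fix or the forged-message flood. Naming the subject would remove the ambiguity, for example "so the denial of service only works while the real service is not running". The entry also scopes the impact to Linux systems with systemd activation but does not say which earlier releases are affected, which is what a packager deciding on a backport would look for here. Separately, the heading gives the release date as 2015-02-09 while the commit metadata above is dated 2015-02-04; worth confirming the later date is the intended one.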