diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 28 |
1 files changed, 28 insertions, 0 deletions
@@ -1,3 +1,31 @@ +D-Bus 1.4.26 (2013-06-13) +== + +• CVE-2013-2168: Fix misuse of va_list that could be used as a denial + of service for system services. Vulnerability reported by Alexandru Cornea. + (Simon) + +• In the activation helper, when compiled for tests, do not reset the system + bus address, fixing the regression tests. (fd.o #52202, Simon) + +• Don't leak temporary fds pointing to /dev/null (fd.o #56927, Michel HERMIER) + +D-Bus 1.4.24 (2012-09-28) +== + +• CVE-2012-3524: Don't access environment variables (fd.o #52202) + Thanks to work and input from Colin Walters, Simon McVittie, + Geoffrey Thomas, and others. + +• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1 + spec-compliance (fd.o #48580, David Zeuthen) + +• Don't use install(1) within the source/build trees, fixing the build as + non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot) + +DBus 1.4.22 (never released as a tarball) +== + D-Bus 1.4.20 (2012-03-27) == |