diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 25 |
1 files changed, 25 insertions, 0 deletions
@@ -1,3 +1,28 @@ +D-Bus 1.8.16 (2015-02-09) +== + +The “poorly concealed wrestlers” release. + +Security fixes: + +• Do not allow non-uid-0 processes to send forged ActivationFailure + messages. On Linux systems with systemd activation, this would + allow a local denial of service: unprivileged processes could + flood the bus with these forged messages, winning the race with + the actual service activation and causing an error reply + to be sent back when service auto-activation was requested. + This does not prevent the real service from being started, + so it only works while the real service is not running. + (CVE-2015-0245, fd.o #88811; Simon McVittie) + +Other fixes: + +• fix a Windows build failure (fd.o #88009, Ralf Habacker) + +• on Windows, allow up to 8K connections to the dbus-daemon instead of the + previous 64, completing a previous fix which only worked under + Autotools (fd.o #71297, Ralf Habacker) + D-Bus 1.8.14 (2015-01-05) == |