From d35dfa78f7ee90bebc3c8a290a7f5877feb7eb8b Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 30 Jun 2014 15:15:50 +0100 Subject: Imported Upstream version 1.8.6 --- NEWS | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 8ad88829..0944bf42 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,27 @@ +D-Bus 1.8.6 (2014-06-02) +== + +Security fixes: + +• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop + the message. This prevents an attack in which a malicious client can + make dbus-daemon disconnect a system service, which is a local + denial of service. + (fd.o #80163, CVE-2014-3532; Alban Crequy) + +• Track remaining Unix file descriptors correctly when more than one + message in quick succession contains fds. This prevents another attack + in which a malicious client can make dbus-daemon disconnect a system + service. + (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, + Simon McVittie, Alban Crequy) + +Other fixes: + +• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot + attach to a session, kill the dbus-daemon as intended + (fd.o #74698, Роман Донченко) + D-Bus 1.8.4 (2014-06-10) == -- cgit v1.2.3
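Review bot: The release date in the added heading "D-Bus 1.8.6 (2014-06-02)" is earlier than both the "D-Bus 1.8.4 (2014-06-10)" heading directly below it and this commit's own date of 30 Jun 2014, so it looks like a typo. Please check it against the release tag and correct it. In the first security entry, "silently drop the message" should also say whether the sender or the intended recipient gets any error or log entry, so that administrators reading NEWS know how a dropped message shows up after the ETOOMANYREFS change.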