"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "NEWS" between
dbus-1.12.16.tar.gz and dbus-1.12.18.tar.gz

About: D-Bus is an inter-process communication (IPC) system, allowing multiple, concurrently-running applications to communicate with one another. D-Bus supplies both a system daemon and a per-user-login-session daemon.

NEWS  (dbus-1.12.16):NEWS  (dbus-1.12.18)
dbus 1.12.18 (2020-06-02)
=========================
The “telepathic vines” release.
Denial of service fixes:
• CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
Other fixes:
• Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
• Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
• Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
• Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
• When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
dbus 1.12.16 (2019-06-11) dbus 1.12.16 (2019-06-11)
========================= =========================
The “tree cat” release. The “tree cat” release.
Security fixes: Security fixes:
• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 • CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic DBusServer. Previously, a local attacker could manipulate symbolic
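Review bot: in the new 1.12.18 section, CVE-2020-12049 is filed under "Denial of service fixes:", while the 1.12.16 section directly below files its CVE under "Security fixes:". Anyone scanning or grepping NEWS for "Security fixes" to decide which releases need prompt deployment will miss this one, so consider using the same heading or stating in the entry that it is a security fix. The entry also says the leak affects "the system dbus-daemon (or another system service with its own DBusServer)" but gives the reader no pointer beyond the bare identifiers; spelling out that dbus#294 and GHSL-2020-057 are the issue and advisory references would help packagers triage. Minor wording: "before reporting error" reads better as "before reporting the error".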
 End of changes. 1 change blocks. 
0 lines changed or deleted 39 lines changed or added
