[PATCH 0/1] Dbus update 1.10.12 for core-updates

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/1] Dbus update 1.10.12 for core-updates

From:	Leo Famulari
Subject:	[PATCH 0/1] Dbus update 1.10.12 for core-updates
Date:	Mon, 10 Oct 2016 13:44:16 -0400

There's a format string vulnerability (with unknown impact) in our dbus:

http://seclists.org/oss-sec/2016/q4/85

Please read that message and the linked bug report.

My understanding of the upsream analysis of the format string
vulnerability is that only the bus owner can trigger it. So, if the
vulnerability allows arbitrary code execution, it would mean that root
could execute arbitrary code via the system bus... not a huge problem.
But still undesirable.

What do you think? Should we update this on core-updates? Should we
graft it on master?

Leo Famulari (1):
  gnu: dbus: Update to 1.10.12.

 gnu/packages/glib.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.10.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/1] Dbus update 1.10.12 for core-updates, Leo Famulari <=
- [PATCH 1/1] gnu: dbus: Update to 1.10.12., Leo Famulari, 2016/10/10
- Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, Kei Kebreau, 2016/10/10
  - Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, John Darrington, 2016/10/10
    - Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, Kei Kebreau, 2016/10/10
- Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, Ludovic Courtès, 2016/10/10
  - Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, Leo Famulari, 2016/10/12
    - Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, Ludovic Courtès, 2016/10/13
    - Re: [PATCH 0/1] Dbus update 1.10.12 for core-updates, Leo Famulari, 2016/10/13

Prev by Date: [PATCH 1/1] gnu: dbus: Update to 1.10.12.
Next by Date: Re: [PATCH 0/12]: Add asdf-build-system.
Previous by thread: [PATCH] gnu: font-un: bugfix
Next by thread: [PATCH 1/1] gnu: dbus: Update to 1.10.12.
Index(es):
- Date
- Thread