diff options
author | Simon McVittie <smcv@collabora.com> | 2020-06-02 12:18:05 +0100 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2020-06-02 12:18:05 +0100 |
commit | fc2ee9f73bf3c14f2320f17fd907390ad3b96b54 (patch) | |
tree | 8a66e922bed783a6052a8d652d1493583e908163 /NEWS | |
parent | fc0f29658353dd66b71a74ae2935276cd1410bc1 (diff) | |
download | dbus-fc2ee9f73bf3c14f2320f17fd907390ad3b96b54.tar.gz |
Prepare 1.13.16dbus-1.13.16
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 15 |
1 files changed, 14 insertions, 1 deletions
@@ -1,6 +1,19 @@ -dbus 1.13.16 (UNRELEASED) +dbus 1.13.16 (2020-06-02) ========================= +The “ominous mushroom hat” release. + +Denial of service fixes: + +• CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + Enhancements: • The API reference manual can be built as a Qt compiled help file if |