Prepare 1.13.16dbus-1.13.16

Signed-off-by: Simon McVittie <smcv@collabora.com>
author: Simon McVittie <smcv@collabora.com> 2020-06-02 12:18:05 +0100
committer: Simon McVittie <smcv@collabora.com> 2020-06-02 12:18:05 +0100
commit: fc2ee9f73bf3c14f2320f17fd907390ad3b96b54 (patch)
tree: 8a66e922bed783a6052a8d652d1493583e908163 /NEWS
parent: fc0f29658353dd66b71a74ae2935276cd1410bc1 (diff)
download: dbus-fc2ee9f73bf3c14f2320f17fd907390ad3b96b54.tar.gz
1 files changed, 14 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index b9a60226..fff361d7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,19 @@
-dbus 1.13.16 (UNRELEASED)
+dbus 1.13.16 (2020-06-02)
 =========================
 
+The “ominous mushroom hat” release.
+
+Denial of service fixes:
+
+• CVE-2020-12049: If a message contains more file descriptors than can
+  be sent, close those that did get through before reporting error.
+  Previously, a local attacker could cause the system dbus-daemon (or
+  another system service with its own DBusServer) to run out of file
+  descriptors, by repeatedly connecting to the server and sending fds that
+  would get leaked.
+  Thanks to Kevin Backhouse of GitHub Security Lab.
+  (dbus#294, GHSL-2020-057; Simon McVittie)
+
 Enhancements:
 
 • The API reference manual can be built as a Qt compiled help file if
author	Simon McVittie <smcv@collabora.com>	2020-06-02 12:18:05 +0100
committer	Simon McVittie <smcv@collabora.com>	2020-06-02 12:18:05 +0100
commit	fc2ee9f73bf3c14f2320f17fd907390ad3b96b54 (patch)
tree	8a66e922bed783a6052a8d652d1493583e908163 /NEWS
parent	fc0f29658353dd66b71a74ae2935276cd1410bc1 (diff)
download	dbus-fc2ee9f73bf3c14f2320f17fd907390ad3b96b54.tar.gz