[arch-dev-public] [signoff] dbus-core 1.4.12-1

Ionut Biru ibiru at archlinux.org
Fri Jun 24 10:09:16 EDT 2011


please signoff

D-Bus 1.4.12 (2011-06-10)

Security (local denial of service):

• Byte-swap foreign-endian messages correctly, preventing a long-standing
   local DoS if foreign-endian messages are relayed through the dbus-daemon
   (backporters: this is git commit 
   (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)

D-Bus 1.4.10 (2011-06-01)

The "Ape Ale" release.

Notes for distributors:

   This version of D-Bus no longer uses -fPIE by default. Distributions 
   to harden the dbus-daemon and dbus-launch-helper can re-enable this 
if their
   toolchain supports it reliably, via something like:

     ./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"

for more read them from:


More information about the arch-dev-public mailing list