[arch-dev-public] [signoff] dbus-core 1.4.12-1
Ionut Biru
ibiru at archlinux.org
Fri Jun 24 10:09:16 EDT 2011
Hi,
please signoff
D-Bus 1.4.12 (2011-06-10)
==
Security (local denial of service):
• Byte-swap foreign-endian messages correctly, preventing a long-standing
local DoS if foreign-endian messages are relayed through the dbus-daemon
(backporters: this is git commit
c3223ba6c401ba81df1305851312a47c485e6cd7)
(fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)
D-Bus 1.4.10 (2011-06-01)
==
The "Ape Ale" release.
Notes for distributors:
This version of D-Bus no longer uses -fPIE by default. Distributions
wishing
to harden the dbus-daemon and dbus-launch-helper can re-enable this
if their
toolchain supports it reliably, via something like:
./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"
for more read them from:
http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
--
Ionuț
More information about the arch-dev-public
mailing list