[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 0/1] Dbus update 1.10.12 for core-updates
From: |
Leo Famulari |
Subject: |
[PATCH 0/1] Dbus update 1.10.12 for core-updates |
Date: |
Mon, 10 Oct 2016 13:44:16 -0400 |
There's a format string vulnerability (with unknown impact) in our dbus:
http://seclists.org/oss-sec/2016/q4/85
Please read that message and the linked bug report.
My understanding of the upsream analysis of the format string
vulnerability is that only the bus owner can trigger it. So, if the
vulnerability allows arbitrary code execution, it would mean that root
could execute arbitrary code via the system bus... not a huge problem.
But still undesirable.
What do you think? Should we update this on core-updates? Should we
graft it on master?
Leo Famulari (1):
gnu: dbus: Update to 1.10.12.
gnu/packages/glib.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--
2.10.1
- [PATCH 0/1] Dbus update 1.10.12 for core-updates,
Leo Famulari <=