[Buildroot] [git commit] package/dbus: security bump to version 1.2.28
Peter Korsgaard
peter at korsgaard.com
Sun Jul 16 06:06:15 UTC 2023
>>>>> "Arnout" == Arnout Vandecappelle via buildroot <buildroot at buildroot.org> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=52ae2a4e1d10da4ea46bc730db69a40d79eb835a
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following security issues:
> - CVE-2023-34969: Fix an assertion failure in dbus-daemon when a privileged
> Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or
> similar) is active, and a message from the bus driver cannot be delivered
> to a client connection due to <deny> rules or outgoing message quota.
> This is a denial of service if triggered maliciously by a local attacker.
> - Fix an incorrect assertion that could be used to crash dbus-daemon or
> other users of DBusServer prior to authentication, if libdbus was compiled
> with assertions enabled.
> For details, see the NEWS file:
> https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> Signed-off-by: Arnout Vandecappelle <arnout at mind.be>
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list