[Buildroot] [PATCH 1/1] package/dbus: security bump to version 1.12.18
Peter Korsgaard
peter at korsgaard.com
Mon Jul 13 07:06:56 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fix CVE-2020-12049: An issue was discovered in dbus >= 1.3.0 before
> 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file
> descriptors when a message exceeds the per-message file descriptor
> limit. A local attacker with access to the D-Bus system bus or another
> system service's private AF_UNIX socket could use this to make the
> system service reach its file descriptor limit, denying service to
> subsequent D-Bus clients.
> - Also update indentation in hash file (two spaces)
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list