buildroot/package/dbus
Fabrice Fontaine b1a75fac5e package/dbus: security bump to version 1.12.24
Denial of service fixes:

Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote
attacker.

• An invalid array of fixed-length elements where the length of the
  array is not a multiple of the length of the element would cause an
  assertion failure in debug builds or an out-of-bounds read in
  production builds. This was a regression in version 1.3.0.
  (dbus#413, CVE-2022-42011; Simon McVittie)

• A syntactically invalid type signature with incorrectly nested
  parentheses and curly brackets would cause an assertion failure in
  debug builds. Similar messages could potentially result in a crash or
  incorrect message processing in a production build, although we are
  not aware of a practical example. (dbus#418, CVE-2022-42010;
  Simon McVittie)

• A message in non-native endianness with out-of-band Unix file
  descriptors would cause a use-after-free and possible memory
  corruption in production builds, or an assertion failure in debug
  builds. This was a regression in version 1.3.0. (dbus#417,
  CVE-2022-42012; Simon McVittie)

https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.12.24/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 29586aed96)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-19 10:01:01 +02:00
Config.in
dbus.hash package/dbus: security bump to version 1.12.24 2022-10-19 10:01:01 +02:00
dbus.mk package/dbus: security bump to version 1.12.24 2022-10-19 10:01:01 +02:00
S30dbus