CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2

To: debian-security-tracker@lists.debian.org, debian-lts@lists.debian.org
Subject: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
From: Simon McVittie <smcv@debian.org>
Date: Thu, 12 Jun 2014 20:15:24 +0100
Message-id: <[🔎] 5399FC4C.7080401@debian.org>

In case the mention of the CVE ID in debian/changelog is not enough for
someone to update the security tracker: CVE-2014-3477 is fixed in
dbus/1.6.8-1+deb7u2, which was just accepted into proposed-updates.

It was also fixed in dbus/1.8.4-1 for testing/unstable.

If this change is desired in squeeze-lts (it's only a local denial of
service and there was no DSA, so perhaps not), the upstream dbus-1.2
branch on freedesktop.org has a commit with some trivial merge conflicts
(whitespace) resolved. I don't intend to upload to squeeze-lts myself.

    S

Reply to:

Follow-Ups:
- Re: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: Extended Security Support
Next by Date: Re: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
Previous by thread: Re: Extended Security Support
Next by thread: Re: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
Index(es):
- Date
- Thread