[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2

In case the mention of the CVE ID in debian/changelog is not enough for
someone to update the security tracker: CVE-2014-3477 is fixed in
dbus/1.6.8-1+deb7u2, which was just accepted into proposed-updates.

It was also fixed in dbus/1.8.4-1 for testing/unstable.

If this change is desired in squeeze-lts (it's only a local denial of
service and there was no DSA, so perhaps not), the upstream dbus-1.2
branch on freedesktop.org has a commit with some trivial merge conflicts
(whitespace) resolved. I don't intend to upload to squeeze-lts myself.


Reply to: