Re: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2

To: Simon McVittie <smcv@debian.org>
Cc: debian-security-tracker@lists.debian.org, debian-lts@lists.debian.org
Subject: Re: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 12 Jun 2014 23:34:37 +0200
Message-id: <[🔎] 20140612213437.GA4659@eldamar.local>
Mail-followup-to: Simon McVittie <smcv@debian.org>, debian-security-tracker@lists.debian.org, debian-lts@lists.debian.org
In-reply-to: <[🔎] 5399FC4C.7080401@debian.org>
References: <[🔎] 5399FC4C.7080401@debian.org>

Hi Simon,

On Thu, Jun 12, 2014 at 08:15:24PM +0100, Simon McVittie wrote:
> In case the mention of the CVE ID in debian/changelog is not enough for
> someone to update the security tracker: CVE-2014-3477 is fixed in
> dbus/1.6.8-1+deb7u2, which was just accepted into proposed-updates.
> 
> It was also fixed in dbus/1.8.4-1 for testing/unstable.
> 
> If this change is desired in squeeze-lts (it's only a local denial of
> service and there was no DSA, so perhaps not), the upstream dbus-1.2
> branch on freedesktop.org has a commit with some trivial merge conflicts
> (whitespace) resolved. I don't intend to upload to squeeze-lts myself.

Just to confirm the security-tracker information: unstable already
marked as fixed. For wheezy it is on the next-point-update list, which
will be merged when the next Wheezy point release is released.

Thanks for notifying!

Regards,
Salvatore

Reply to:

References:
- CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
Next by Date: Fwd: [SECURITY] [DSA 2954-1] dovecot security update
Previous by thread: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
Next by thread: Draft announce of Debian 6 LTS, please review quickly
Index(es):
- Date
- Thread