Re: CVE-2014-3477 fixed in dbus/1.6.8-1+deb7u2
On Thu, Jun 12, 2014 at 08:15:24PM +0100, Simon McVittie wrote:
> In case the mention of the CVE ID in debian/changelog is not enough for
> someone to update the security tracker: CVE-2014-3477 is fixed in
> dbus/1.6.8-1+deb7u2, which was just accepted into proposed-updates.
> It was also fixed in dbus/1.8.4-1 for testing/unstable.
> If this change is desired in squeeze-lts (it's only a local denial of
> service and there was no DSA, so perhaps not), the upstream dbus-1.2
> branch on freedesktop.org has a commit with some trivial merge conflicts
> (whitespace) resolved. I don't intend to upload to squeeze-lts myself.
Just to confirm the security-tracker information: unstable already
marked as fixed. For wheezy it is on the next-point-update list, which
will be merged when the next Wheezy point release is released.
Thanks for notifying!