Bug#770551: pre-approval: unblock: dbus/1.8.12-1
Control: tags -1 + confirmed moreinfo
On Sat, 2014-11-22 at 11:06 +0000, Simon McVittie wrote:
> Part of the D-Bus patch for CVE-2014-3639 was to reduce an arbitrary timeout
> to make denial of service more difficult. Unfortunately it seems to have
> caused failed or slow boot for some users, particularly on older or slower
> systems while doing an aggressively parallel boot: https://bugs.debian.org/769069
>
> I would like to revert the problematic timeout change, and also add a syslog
> message when it is hit, so we can diagnose the problem. I'm also going to talk
> to the security team about reverting the timeout change for wheezy, and
> possibly adding the syslog message there too.
>
> In addition, the upstream 1.8.x stable branch has a one-line fix for error
> reporting when security policy denies permission to receive a message,
> and some new notes about security contact points. I would like to release 1.8.12
> with these in and upload that to Debian.
Looks okay to me; thanks.
Please remove the moreinfo tag once you've uploaded.
Regards,
Adam