Bug#1037196: bullseye-pu: package dbus/1.12.28-0+deb11u1

To: 1037196@bugs.debian.org
Subject: Bug#1037196: bullseye-pu: package dbus/1.12.28-0+deb11u1
From: Simon McVittie <smcv@debian.org>
Date: Sat, 17 Jun 2023 16:22:25 +0100
Message-id: <[🔎] ZI3PsWnApRE2Zx2L@tautology.pseudorandom.co.uk>
Reply-to: Simon McVittie <smcv@debian.org>, 1037196@bugs.debian.org
In-reply-to: <[🔎] ZICFFBUeM7eTANGP@tautology.pseudorandom.co.uk>
References: <[🔎] ZICFFBUeM7eTANGP@tautology.pseudorandom.co.uk> <[🔎] ZICFFBUeM7eTANGP@tautology.pseudorandom.co.uk>

On Wed, 07 Jun 2023 at 14:24:36 +0100, Simon McVittie wrote:
> [ Reason ]
> Fix a local denial of service for which the security team does not intend
> to do a DSA (dbus#457, #1037151; CVE assignment pending).

CVE-2023-34969 was assigned. I didn't think it was worth editing the
changelog and repinning the package just to add that, so the diff I
previously attached is still current.

I went ahead with uploading to bullseye-proposed-updates in the hope that
this will save the release team some time.

>   [ ] the issue is verified as fixed in unstable
>       - intentionally not done yet due to the full freeze, because dbus
>         has udebs

Now fixed in unstable by 1.14.8-1.

    smcv

Reply to:

References:
- Bug#1037196: bullseye-pu: package dbus/1.12.28-0+deb11u1
  - From: Simon McVittie <smcv@debian.org>

Prev by Date: Bug#1038390: bookworm-pu: package vte2.91/0.70.6-1~deb12u1
Next by Date: Bug#1037214: bullseye-pu: package appstream-glib/0.7.18-1+deb11u1
Previous by thread: Bug#1037196: bullseye-pu: package dbus/1.12.28-0+deb11u1
Next by thread: Bug#1037196: dbus 1.12.28-0+deb11u1 flagged for acceptance
Index(es):
- Date
- Thread