mirror of
https://gitlab.freedesktop.org/dbus/dbus.git
synced 2026-02-05 05:20:29 +01:00
Update NEWS
Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie
parent
f3b2574f0c
commit
5757fd5480
1 changed files with 20 additions and 1 deletions
21
NEWS
21
NEWS
|
|
@ -1,7 +1,26 @@
|
|||
dbus 1.12.20 (UNRELEASED)
|
||||
=========================
|
||||
|
||||
...
|
||||
The “temporary nemesis” release.
|
||||
|
||||
Maybe security fixes:
|
||||
|
||||
• On Unix, avoid a use-after-free if two usernames have the same
|
||||
numeric uid. In older versions this could lead to a crash (denial of
|
||||
service) or other undefined behaviour, possibly including incorrect
|
||||
authorization decisions if <policy group=...> is used.
|
||||
Like Unix filesystems, D-Bus' model of identity cannot distinguish
|
||||
between users of different names with the same numeric uid, so this
|
||||
configuration is not advisable on systems where D-Bus will be used.
|
||||
Thanks to Daniel Onaca.
|
||||
(dbus#305, dbus!166; Simon McVittie)
|
||||
|
||||
Other fixes:
|
||||
|
||||
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
|
||||
that we do not overrun the buffer used for fd-passing, even if the
|
||||
kernel tells us to.
|
||||
(dbus#304, dbus!165; Andy Fiddaman)
|
||||
|
||||
dbus 1.12.18 (2020-06-02)
|
||||
=========================
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue