unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* [PATCH 0/1] Dbus update 1.10.12 for core-updates
@ 2016-10-10 17:44 Leo Famulari
  2016-10-10 17:44 ` [PATCH 1/1] gnu: dbus: Update to 1.10.12 Leo Famulari
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Leo Famulari @ 2016-10-10 17:44 UTC (permalink / raw)
  To: guix-devel

There's a format string vulnerability (with unknown impact) in our dbus:

http://seclists.org/oss-sec/2016/q4/85

Please read that message and the linked bug report.

My understanding of the upsream analysis of the format string
vulnerability is that only the bus owner can trigger it. So, if the
vulnerability allows arbitrary code execution, it would mean that root
could execute arbitrary code via the system bus... not a huge problem.
But still undesirable.

What do you think? Should we update this on core-updates? Should we
graft it on master?

Leo Famulari (1):
  gnu: dbus: Update to 1.10.12.

 gnu/packages/glib.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.10.1

^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2016-10-14  3:01 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-10 17:44 [PATCH 0/1] Dbus update 1.10.12 for core-updates Leo Famulari
2016-10-10 17:44 ` [PATCH 1/1] gnu: dbus: Update to 1.10.12 Leo Famulari
2016-10-10 18:10 ` [PATCH 0/1] Dbus update 1.10.12 for core-updates Kei Kebreau
2016-10-10 18:39   ` John Darrington
2016-10-10 19:30     ` Kei Kebreau
2016-10-10 20:57 ` Ludovic Courtès
2016-10-12 16:41   ` Leo Famulari
2016-10-13 20:19     ` Ludovic Courtès
2016-10-14  3:01       ` Leo Famulari

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).