[Buildroot] [PATCH 1/1] package/dbus: security bump to version 1.12.18

Peter Korsgaard peter at korsgaard.com
Mon Jul 13 07:06:56 UTC 2020

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > - Fix CVE-2020-12049: An issue was discovered in dbus >= 1.3.0 before
 >   1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file
 >   descriptors when a message exceeds the per-message file descriptor
 >   limit. A local attacker with access to the D-Bus system bus or another
 >   system service's private AF_UNIX socket could use this to make the
 >   system service reach its file descriptor limit, denying service to
 >   subsequent D-Bus clients.
 > - Also update indentation in hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2020.02.x and 2020.05.x, thanks.

Bye, Peter Korsgaard

More information about the buildroot mailing list