From: Simon McVittie Date: Tue, 6 Jun 2023 09:48:03 +0000 (+0100) Subject: Update NEWS X-Git-Tag: dbus-1.15.6~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=05367daa101247b1b5f7648b635cbe47eb220b39;p=thirdparty%2Fdbus.git Update NEWS Signed-off-by: Simon McVittie --- diff --git a/NEWS b/NEWS index a1ce5dcdd..db2f9ce20 100644 --- a/NEWS +++ b/NEWS @@ -1,12 +1,21 @@ dbus 1.15.6 (UNRELEASED) ======================== +Denial-of-service fixes: + +• Fix an assertion failure in dbus-daemon when a privileged Monitoring + connection (dbus-monitor, busctl monitor, gdbus monitor or similar) + is active, and a message from the bus driver cannot be delivered to a + client connection due to rules or outgoing message quota. This + is a denial of service if triggered maliciously by a local attacker. + (dbus#457; hongjinghao, Simon McVittie) + Enhancements: • Special-case reading pseudo-files from Linux /proc to take into account the filesystem's unusual semantics (dbus!401, Luca Boccassi) -Fixes: +Other fixes: • Fix compilation on compilers not supporting __FUNCTION__ (dbus!404, Barnabás Pőcze)