From: Simon McVittie Date: Thu, 2 Jul 2020 09:25:13 +0000 (+0100) Subject: Update NEWS X-Git-Tag: dbus-1.10.32~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38fe525fd7b1ba511d270aef5261a3b96db8c099;p=thirdparty%2Fdbus.git Update NEWS Signed-off-by: Simon McVittie --- diff --git a/NEWS b/NEWS index 2f495073e..1739f1dc9 100644 --- a/NEWS +++ b/NEWS @@ -13,7 +13,26 @@ the dbus-security mailing list on lists.freedesktop.org. dbus 1.10.32 (UNRELEASED) == -... +The “technically a venom” release. + +Maybe security fixes: + +• On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) + +Other fixes: + +• On Solaris and its derivatives, if a cmsg header is truncated, ensure + that we do not overrun the buffer used for fd-passing, even if the + kernel tells us to. + (dbus#304, dbus!165; Andy Fiddaman) dbus 1.10.30 (2020-06-02) ==
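Review bot: In the first entry under "Maybe security fixes:", the clause "possibly including incorrect authorization decisions if is used" has no subject as it appears here, so an administrator cannot tell which configuration exposes them to the authorization risk. Name the setting or policy construct that sentence refers to, since that is what decides whether a deployment with duplicate numeric uids needs to treat this as more than a crash fix. Separately, the Solaris entry under "Other fixes:" describes not overrunning the fd-passing buffer when a cmsg header is truncated "even if the kernel tells us to". A buffer overrun is a memory-safety issue, so either add a short reason why it is not security-relevant (for example, that only the kernel can trigger it) or list it under the security heading. The heading "Maybe security fixes:" would also be easier to act on if the entry stated the conditions under which the bug is exploitable rather than leaving the classification open.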