From: Simon McVittie Date: Thu, 2 Aug 2018 18:24:07 +0000 (+0100) Subject: Update NEWS X-Git-Tag: dbus-1.10.28~24 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5384f0866a4a1dafb29085494e5ac38ecabe445;p=thirdparty%2Fdbus.git Update NEWS --- diff --git a/NEWS b/NEWS index a9cb3e296..6c9f0904a 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,12 @@ dbus 1.10.28 (UNRELEASED) Fixes: +• Prevent reading up to 3 bytes beyond the end of a truncated message. + This could in principle be an information leak or denial of service + on the system bus, but is not believed to be exploitable to crash + the system bus or leak interesting information in practice. + (fd.o #107332, Simon McVittie) + • Fix build with gcc 8 -Werror=cast-function-type (fd.o #107349, Simon McVittie)