Update NEWS

author Simon McVittie <smcv@collabora.com>

Thu, 2 Aug 2018 18:24:00 +0000 (19:24 +0100)

committer Simon McVittie <smcv@collabora.com>

Thu, 2 Aug 2018 18:24:00 +0000 (19:24 +0100)
author Simon McVittie <smcv@collabora.com>
Thu, 2 Aug 2018 18:24:00 +0000 (19:24 +0100)
committer Simon McVittie <smcv@collabora.com>
Thu, 2 Aug 2018 18:24:00 +0000 (19:24 +0100)
diff --git a/NEWS b/NEWS

index 4fbad4f5d3eb3ed5e9cf9b46e41fd62b3d946af5..4e674a429ff2d76eca41a25a58dee813f7a15493 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,12 @@ dbus 1.12.10 (UNRELEASED)
  
  Fixes:
  
+• Prevent reading up to 3 bytes beyond the end of a truncated message.
+  This could in principle be an information leak or denial of service
+  on the system bus, but is not believed to be exploitable to crash
+  the system bus or leak interesting information in practice.
+  (fd.o #107332, Simon McVittie)
+
  • Fix build with gcc 8 -Werror=cast-function-type
    (fd.o #107349, Simon McVittie)
author	Simon McVittie <smcv@collabora.com>
	Thu, 2 Aug 2018 18:24:00 +0000 (19:24 +0100)
committer	Simon McVittie <smcv@collabora.com>
	Thu, 2 Aug 2018 18:24:00 +0000 (19:24 +0100)