Update NEWS

author Simon McVittie <smcv@collabora.com>

Thu, 2 Aug 2018 18:24:07 +0000 (19:24 +0100)

committer Simon McVittie <smcv@collabora.com>

Thu, 2 Aug 2018 18:24:07 +0000 (19:24 +0100)
author Simon McVittie <smcv@collabora.com>
Thu, 2 Aug 2018 18:24:07 +0000 (19:24 +0100)
committer Simon McVittie <smcv@collabora.com>
Thu, 2 Aug 2018 18:24:07 +0000 (19:24 +0100)
diff --git a/NEWS b/NEWS

index a9cb3e296f462db43a7bd4eb71f15026afe2e07f..6c9f0904a1e8ccaabe458f94005f2800baee5b4e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,12 @@ dbus 1.10.28 (UNRELEASED)
  
  Fixes:
  
+• Prevent reading up to 3 bytes beyond the end of a truncated message.
+  This could in principle be an information leak or denial of service
+  on the system bus, but is not believed to be exploitable to crash
+  the system bus or leak interesting information in practice.
+  (fd.o #107332, Simon McVittie)
+
  • Fix build with gcc 8 -Werror=cast-function-type
    (fd.o #107349, Simon McVittie)
author	Simon McVittie <smcv@collabora.com>
	Thu, 2 Aug 2018 18:24:07 +0000 (19:24 +0100)
committer	Simon McVittie <smcv@collabora.com>
	Thu, 2 Aug 2018 18:24:07 +0000 (19:24 +0100)