From: Simon McVittie Date: Thu, 2 Aug 2018 18:23:52 +0000 (+0100) Subject: Update NEWS X-Git-Tag: dbus-1.13.6~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7e6b3abcf810e0a40313d0f46893e055184cb2fc;p=thirdparty%2Fdbus.git Update NEWS --- diff --git a/NEWS b/NEWS index b38d3d743..3d5359c77 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,12 @@ dbus 1.13.6 (UNRELEASED) Fixes: +• Prevent reading up to 3 bytes beyond the end of a truncated message. + This could in principle be an information leak or denial of service + on the system bus, but is not believed to be exploitable to crash + the system bus or leak interesting information in practice. + (fd.o #107332, Simon McVittie) + • Fix build with gcc 8 -Werror=cast-function-type (fd.o #107349, Simon McVittie)