From 657ca7a915a9563f7a42ae516d5b6921196aa814 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Thu, 2 Aug 2018 19:24:00 +0100 Subject: [PATCH] Update NEWS --- NEWS | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/NEWS b/NEWS index 4fbad4f5d..4e674a429 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,12 @@ dbus 1.12.10 (UNRELEASED) Fixes: +• Prevent reading up to 3 bytes beyond the end of a truncated message. + This could in principle be an information leak or denial of service + on the system bus, but is not believed to be exploitable to crash + the system bus or leak interesting information in practice. + (fd.o #107332, Simon McVittie) + • Fix build with gcc 8 -Werror=cast-function-type (fd.o #107349, Simon McVittie) -- 2.47.3