Updated dbus (1.0.2 -> 1.0.3) : SECURITY - HIGH

CVE-2008-0595 (High) : dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
17 years ago · ebc30d4a7b
1 changed files with 3 additions and 3 deletions
--- a/network/dbus/dbus.desc
+++ b/network/dbus/dbus.desc
@ -2,7 +2,7 @@
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../dbus/dbus.desc
-[COPY] Copyright (C) 2006 - 2007 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY]
 [COPY] More information can be found in the files COPYING and README.
@ -36,7 +36,7 @@

 [L] GPL
 [S] Beta
-[V] 1.0.2
+[V] 1.0.3
 [P] X -----5---9 112.350

-[D] 2540049283 dbus-1.0.2.tar.gz http://dbus.freedesktop.org/releases/dbus/
+[D] 446788995 dbus-1.0.3.tar.gz http://dbus.freedesktop.org/releases/dbus/