UbuntuUpdates.org

Package "dbus-x11"

Name: dbus-x11

Description:

simple interprocess messaging system (X11 deps)
Latest version: 1.4.18-1ubuntu1.10
Release: precise (12.04)
Level: security
Repository: main
Head package: dbus
Homepage: http://dbus.freedesktop.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "dbus-x11"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "dbus-x11" in Precise

Repository Area Version
base main 1.4.18-1ubuntu1
updates main 1.4.18-1ubuntu1.10

Changelog

Version: 1.4.18-1ubuntu1.4 2013-06-13 20:07:01 UTC

  dbus (1.4.18-1ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168
 -- Marc Deslauriers <email address hidden> Thu, 13 Jun 2013 10:23:58 -0400
Source diff to previous version
CVE-2013-2168 DoS in system services caused by _dbus_printf_string_upper_bound

Version: 1.4.18-1ubuntu1.3 2012-10-04 13:07:05 UTC

  dbus (1.4.18-1ubuntu1.3) precise-security; urgency=low

  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.
 -- Marc Deslauriers <email address hidden> Wed, 03 Oct 2012 06:12:39 -0400
Source diff to previous version
1058343 Regression in CVE-2012-3524 security update
CVE-2012-3524 libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privilege

Version: 1.4.18-1ubuntu1.1 2012-09-20 17:06:53 UTC

  dbus (1.4.18-1ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: privilege escalation via unsanitized environment
    - debian/patches/CVE-2012-3524-dbus.patch: Don't access environment
      variables or run dbus-launch when setuid in configure.ac,
      dbus/dbus-keyring.c, dbus/dbus-sysdeps*
    - CVE-2012-3524
 -- Marc Deslauriers <email address hidden> Fri, 14 Sep 2012 09:01:59 -0400
CVE-2012-3524 libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privilege


About   -   Send Feedback to @ubuntu_updates