Format: 1.8
Date: Wed, 17 Sep 2014 10:16:51 -0400
Source: dbus
Binary: dbus dbus-x11 libdbus-1-3 dbus-1-doc libdbus-1-dev dbus-1-dbg
Architecture: arm64
Version: 1.6.18-0ubuntu4.2
Distribution: trusty
Urgency: medium
Maintainer: Ubuntu Build Daemon
Changed-By: Marc Deslauriers
Description:
 dbus - simple interprocess messaging system (daemon and utilities)
 dbus-1-dbg - simple interprocess messaging system (debug symbols)
 dbus-1-doc - simple interprocess messaging system (documentation)
 dbus-x11 - simple interprocess messaging system (X11 deps)
 libdbus-1-3 - simple interprocess messaging system (library)
 libdbus-1-dev - simple interprocess messaging system (development headers)
Changes:
 dbus (1.6.18-0ubuntu4.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds
     - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding
       in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a
       non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h.
     - CVE-2014-3635
   * SECURITY UPDATE: denial of service via large number of fds
     - debian/patches/CVE-2014-3636.patch: reduce max number of fds in
       bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c,
       dbus/dbus-sysdeps.h.
     - CVE-2014-3636
   * SECURITY UPDATE: denial of service via persistent file descriptors
     - debian/patches/CVE-2014-3637.patch: add a timeout to expire pending
       fds in bus/bus.*, bus/config-parser.c, bus/connection.c,
       bus/session.conf.in, cmake/bus/dbus-daemon.xml,
       dbus/dbus-connection-internal.h, dbus/dbus-connection.c,
       dbus/dbus-message-internal.h, dbus/dbus-message-private.h,
       dbus/dbus-message.c, dbus/dbus-transport.*.
     - CVE-2014-3637
   * SECURITY UPDATE: denial of service via large number of pending replies
     - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
       to 128 in bus/config-parser.c.
     - CVE-2014-3638
   * SECURITY UPDATE: denial of service via incomplete connections
     - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
       bus/config-parser.c, stop listening on DBusServer sockets when
       reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
       dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
     - CVE-2014-3639
Original-Maintainer: Utopia Maintenance Team