In case the mention of the CVE ID in debian/changelog is not enough for
someone to update the security tracker: CVE-2014-3477 is fixed in
dbus/1.6.8-1+deb7u2, which was just accepted into proposed-updates.
It was also fixed in dbus/1.8.4-1 for testing/unstable.
If this change is desired in squeeze-lts (it's only a local denial of
service and there was no DSA, so perhaps not), the upstream dbus-1.2
branch on freedesktop.org has a commit with some trivial merge conflicts
(whitespace) resolved. I don't intend to upload to squeeze-lts myself.
S
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
