There's a format string vulnerability (with unknown impact) in our dbus:

http://seclists.org/oss-sec/2016/q4/85

Please read that message and the linked bug report.

My understanding of the upstream analysis of the format string
vulnerability is that only the bus owner can trigger it. So, if the
vulnerability allows arbitrary code execution, it would mean that root
could execute arbitrary code via the system bus... not a huge problem.
But still undesirable.

What do you think? Should we update this on core-updates? Should we
graft it on master?

Leo Famulari (1):
  gnu: dbus: Update to 1.10.12.

 gnu/packages/glib.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

-- 
2.10.1

