There's a format string vulnerability (with unknown impact) in our dbus: http://seclists.org/oss-sec/2016/q4/85
Please read that message and the linked bug report.

My understanding of the upstream analysis of the format string vulnerability is that only the bus owner can trigger it. So, if the vulnerability allows arbitrary code execution, it would mean that root could execute arbitrary code via the system bus... not a huge problem. But still undesirable.

What do you think? Should we update this on core-updates? Should we graft it on master?

Leo Famulari (1):
  gnu: dbus: Update to 1.10.12.

 gnu/packages/glib.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--
2.10.1