This is for fido and possibly dizzy, not master. D-Bus 1.8.16 fixes CVE-2015-0245 "prevent forged ActivationFailure from non-root processes". This patch does not contain the same fix but a configuration change that upstream suggests as a easily backportable fix.
The issue is only a local denial of service so not terribly dangerous, but should be worth fixing since the patch is not intrusive. I've only tested this on fido, so the [dizzy] is just a suggestion. Cheers, Jussi The following changes since commit eb4a134a60e3ac26a48379675ad6346a44010339: scripts/combo-layer: Fix exit codes and tty handling (2015-06-11 15:00:20 +0100) are available in the git repository at: git://git.yoctoproject.org/poky-contrib jku/dbus-fix-for-fido http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/dbus-fix-for-fido Jussi Kukkonen (1): dbus: CVE-2015-0245: prevent forged ActivationFailure meta/recipes-core/dbus/dbus.inc | 1 + ...015-0245-prevent-forged-ActivationFailure.patch | 48 ++++++++++++++++++++++ 2 files changed, 49 insertions(+) create mode 100644 meta/recipes-core/dbus/dbus/CVE-2015-0245-prevent-forged-ActivationFailure.patch -- 2.1.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
