---
- branch: MAIN
  date: Sun Jul  6 14:54:32 UTC 2014
  files:
  - new: '1.72'
    old: '1.71'
    path: pkgsrc/sysutils/dbus/Makefile
    pathrev: pkgsrc/sysutils/dbus/Makefile@1.72
    type: modified
  - new: '1.57'
    old: '1.56'
    path: pkgsrc/sysutils/dbus/distinfo
    pathrev: pkgsrc/sysutils/dbus/distinfo@1.57
    type: modified
  id: 20140706T145432Z.75712272e6d310ac4785e5355dbfaedbc4753031
  log: "Update to 1.8.6:\n\nD-Bus 1.8.6 (2014-06-02)\n==\n\nSecurity fixes:\n\nâ\x80¢
    On Linux â\x89¥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop\n
    \ the message. This prevents an attack in which a malicious client can\n  make
    dbus-daemon disconnect a system service, which is a local\n  denial of service.\n
    \ (fd.o #80163, CVE-2014-3532; Alban Crequy)\n\nâ\x80¢ Track remaining Unix file
    descriptors correctly when more than one\n  message in quick succession contains
    fds. This prevents another attack\n  in which a malicious client can make dbus-daemon
    disconnect a system\n  service.\n  (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro
    Martínez Suárez,\n  Simon McVittie, Alban Crequy)\n\nOther fixes:\n\nâ\x80¢
    When dbus-launch --exit-with-session starts a dbus-daemon but then cannot\n  attach
    to a session, kill the dbus-daemon as intended\n  (fd.o #74698, Роман Ð\x94онÑ\x87енко)\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/sysutils/dbus'
  unixtime: '1404658472'
  user: wiz