Ubuntu
dbus package

please update dbus to 1.2.4

Bug #279425 reported by Nicolas Valcarcel on 2008-10-07

Affects		Status	Importance	Assigned to	Milestone
	dbus (Ubuntu)	Fix Released	Undecided	Martin Pitt

Bug Description

Binary package hint: dbus

dbus has just had a minor release which includes a fix for CVE-2008-3834 and a small number of compilation and portability fixes. Please update it.

Attaching .diff.gz

Related branches

lp:ubuntu/lucid/dbus

CVE References

2008-3834

Revision history for this message

Nicolas Valcarcel (nvalcarcel) wrote on 2008-10-07:

dbus_1.2.4-0ubuntu1.diff.gz Edit (26.7 KiB, text/x-diff)

Revision history for this message

Martin Pitt (pitti) wrote on 2008-10-07:

Will sponsor

Changed in dbus:
assignee:	nobody → pitti
status:	New → In Progress

Revision history for this message

Launchpad Janitor (janitor) wrote on 2008-10-07:

This bug was fixed in the package dbus - 1.2.4-0ubuntu1

---------------
dbus (1.2.4-0ubuntu1) intrepid; urgency=low

  * New upstream bug fix release: (LP: #279425)
    - Fix crash on dbus_signature_validate("a{(ii)i}", NULL), which would
      unexpectedly abort the calling program. [CVE-2008-3834]
    - Close file descriptors before exec()ing helpers, to avoid locking
      hardware like video cards by eternally open file fds. (LP: #230877)
    - A small number of compilation and portability fixes.

-- Martin Pitt <email address hidden> Tue, 07 Oct 2008 15:26:32 +0200

Changed in dbus:
status:	In Progress → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

dbus_1.2.4-0ubuntu1.diff.gz Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntudbus package

please update dbus to 1.2.4

Bug Description

Related branches

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
dbus package