Package: dbus Version: 1.2.1-5 Severity: grave Tags: security , patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for dbus.
CVE-2009-1189[0]: | The _dbus_validate_signature_with_reason function | (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses | incorrect logic to validate a basic type, which allows remote | attackers to spoof a signature via a crafted key. NOTE: this is due | to an incorrect fix for CVE-2008-3834. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Patches available [1]. Please coordinate with the security team to prepare updates for the stable releases. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189 http://security-tracker.debian.net/tracker/CVE-2009-1189 [1] http://bugs.freedesktop.org/show_bug.cgi?id=17803 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
