On Mon, Oct 10, 2016 at 10:57:47PM +0200, Ludovic Courtès wrote:
> Yeah, seems hard to exploit. Apparently even if we’re not using systemd
> activations we could be vulnerable, because it’s about how specific
> messages are processed, IIUC.
>
> > What do you think? Should we update this on core-updates?
>
> I think so.

Okay. Just to clarify, this will trigger >1000 rebuilds.

> > Should we graft it on master?
>
> Unless there are possible ABI incompatibilities, it probably doesn’t hurt
> to do that.

According to the dbus README, they offer a stable ABI within each stable
release series:

https://dbus.freedesktop.org/doc/README

But, I found that the regular approach to grafting does not work for our
dbus package. Presumably, it's because (gnu packages glib) exports dbus
before defining it.