CVE-2014-3477, fdo#78979, bnc#881137

OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=165
2014-06-11 05:04:36 +00:00 · 2014-06-11 05:04:36 +00:00 · 055f0aa655
commit 055f0aa655
parent f01b6437b2
6 changed files with 31 additions and 5 deletions
--- a/dbus-1-x11.changes
+++ b/dbus-1-x11.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jun 11 04:58:38 UTC 2014 - fstrba@suse.com
+
+- Update to 1.8.2:
+  + Security fix:
+    - Alban Crequy at Collabora Ltd. discovered and fixed a
+      denial-of-service flaw in dbus-daemon, part of the reference
+      implementation of D-Bus.
+      Additionally, in highly unusual environments the same flaw
+      could lead to a side channel between processes that should
+      not be able to communicate. (CVE-2014-3477, fdo#78979,
+      bnc#881137)
+
 -------------------------------------------------------------------
 Sat May  3 17:21:00 UTC 2014 - hrvoje.senjan@gmail.com

--- a/dbus-1-x11.spec
+++ b/dbus-1-x11.spec
@ -46,7 +46,7 @@ BuildRequires:  pkgconfig(libsystemd-login)
 BuildRequires:  libexpat-devel
 BuildRequires:  libtool
 BuildRequires:  pkg-config
-Version:        1.8.2
+Version:        1.8.4
 Release:        0
 #
 Source0:        http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz
--- a/dbus-1.8.2.tar.gz
+++ b/dbus-1.8.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5689f7411165adc953f37974e276a3028db94447c76e8dd92efe910c6d3bae08
-size 1859949
--- a/dbus-1.8.4.tar.gz
+++ b/dbus-1.8.4.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:3ef63dc8d0111042071ee7f7bafa0650c6ce2d7be957ef0b7ec269495a651ff8
+size 1860286
--- a/dbus-1.changes
+++ b/dbus-1.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed Jun 11 04:58:38 UTC 2014 - fstrba@suse.com
+
+- Update to 1.8.2:
+  + Security fix:
+    - Alban Crequy at Collabora Ltd. discovered and fixed a
+      denial-of-service flaw in dbus-daemon, part of the reference
+      implementation of D-Bus.
+      Additionally, in highly unusual environments the same flaw
+      could lead to a side channel between processes that should
+      not be able to communicate. (CVE-2014-3477, fdo#78979,
+      bnc#881137)
+
 -------------------------------------------------------------------
 Sat May  3 17:21:00 UTC 2014 - hrvoje.senjan@gmail.com

--- a/dbus-1.spec
+++ b/dbus-1.spec
@ -40,7 +40,7 @@ BuildRequires:  pkgconfig(libsystemd-login)
 BuildRequires:  libexpat-devel
 BuildRequires:  libtool
 BuildRequires:  pkg-config
-Version:        1.8.2
+Version:        1.8.4
 Release:        0
 #
 Source0:        http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz