Bug number - 503532

Part of package: dbus.

Bug description:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

Debian Bug report logs -  #503532 send_requested_reply="true" allows all non-reply messages
Package:      dbus; Maintainer for dbus is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for dbus is src:dbus (PTS, buildd, popcon).
Reported by: Joachim Breitner <nomeata@debian.org>
Date: Sun, 26 Oct 2008 15:36:14 UTC
Severity: grave
Tags: security
Merged with 508032
Found in versions dbus/1.2.1-3, dbus/1.2.4-1
Fixed in versions dbus/1.2.8-1, dbus/1.2.1-5
Done: Simon McVittie <smcv@debian.org>
Bug is archived. No further changes may be made.

All x-patch and x-diff attachments.



PatchAuthorDate
30-Add-syslog-of-security-denials-and-configuration-fil.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
31-Add-message-type-to-security-syslog-entries.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
32-Add-optional-logging-on-allow-rules.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
33-Add-uid-pid-and-command-to-security-logs.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
34-Add-requested_reply-to-send-denials-and-connection.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
35-syslog-h.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
50-CVE-2008-4311.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000
51-CVE-2008-4311-but-allow-signals.patchSimon McVittie <smcv@debian.org>Sun, 4 Jan 2009 17:01:18 +0000

Original bug report here.