[Pkg-utopia-maintainers] Bug#532720: dbus: CVE-2009-1189 incomplete fix for CVE-2008-3834
Michael S. Gilbert
michael.s.gilbert at gmail.com
Wed Jun 10 22:25:00 UTC 2009
Package: dbus
Version: 1.2.1-5
Severity: grave
Tags: security, patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for dbus.

CVE-2009-1189[0]:
| The _dbus_validate_signature_with_reason function
| (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses
| incorrect logic to validate a basic type, which allows remote
| attackers to spoof a signature via a crafted key. NOTE: this is due
| to an incorrect fix for CVE-2008-3834.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry. Patches available [1].

Please coordinate with the security team to prepare updates for the
stable releases.

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189
http://security-tracker.debian.net/tracker/CVE-2009-1189
[1] http://bugs.freedesktop.org/show_bug.cgi?id=17803