[Pkg-utopia-maintainers] Bug#1013343: dbus-broker: CVE-2022-31212

Moritz Muehlenhoff jmm at inutil.org
Thu Jun 23 15:38:39 BST 2022


On Thu, Jun 23, 2022 at 07:24:50AM +0200, Salvatore Bonaccorso wrote:
> 
> Gut feeling, to me this looks something which can be fixed in the
> upcoming point release but would not need a DSA. Will leave the final
> decision on it though to Moritz.

Agreed, I don't think we need a DSA here, this is merely a crash and
I'm not even sure this crosses any reasonable trustr boundary, if
service definitions with untrusted Exec statements are in use, this
is probably the lesser of worries...

Cheers,
        Moritz



More information about the Pkg-utopia-maintainers mailing list