Update NEWS

author: Simon McVittie <smcv@collabora.com> 2018-08-02 19:24:00 +0100
committer: Simon McVittie <smcv@collabora.com> 2018-08-02 19:24:00 +0100
commit: 657ca7a915a9563f7a42ae516d5b6921196aa814 (patch)
tree: c50cb50bbfc0039d35f30d6a3583d470f5a77b77
parent: 75914f3bff1c383b00ec8d2536ead18ca2f20d9f (diff)
download: dbus-657ca7a915a9563f7a42ae516d5b6921196aa814.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 4fbad4f5..4e674a42 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,12 @@ dbus 1.12.10 (UNRELEASED)
 
 Fixes:
 
+• Prevent reading up to 3 bytes beyond the end of a truncated message.
+  This could in principle be an information leak or denial of service
+  on the system bus, but is not believed to be exploitable to crash
+  the system bus or leak interesting information in practice.
+  (fd.o #107332, Simon McVittie)
+
 • Fix build with gcc 8 -Werror=cast-function-type
   (fd.o #107349, Simon McVittie)
author	Simon McVittie <smcv@collabora.com>	2018-08-02 19:24:00 +0100
committer	Simon McVittie <smcv@collabora.com>	2018-08-02 19:24:00 +0100
commit	657ca7a915a9563f7a42ae516d5b6921196aa814 (patch)
tree	c50cb50bbfc0039d35f30d6a3583d470f5a77b77
parent	75914f3bff1c383b00ec8d2536ead18ca2f20d9f (diff)
download	dbus-657ca7a915a9563f7a42ae516d5b6921196aa814.tar.gz