Update NEWS

author: Simon McVittie <smcv@collabora.com> 2018-08-02 19:24:07 +0100
committer: Simon McVittie <smcv@collabora.com> 2018-08-02 19:24:07 +0100
commit: b5384f0866a4a1dafb29085494e5ac38ecabe445 (patch)
tree: b59c3b1bf95fdb65e65910f39e645f9cfc8de48b
parent: 9ae18e66e4e6902ed793c40ef92345f2ec126cf3 (diff)
download: dbus-b5384f0866a4a1dafb29085494e5ac38ecabe445.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a9cb3e29..6c9f0904 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,12 @@ dbus 1.10.28 (UNRELEASED)
 
 Fixes:
 
+• Prevent reading up to 3 bytes beyond the end of a truncated message.
+  This could in principle be an information leak or denial of service
+  on the system bus, but is not believed to be exploitable to crash
+  the system bus or leak interesting information in practice.
+  (fd.o #107332, Simon McVittie)
+
 • Fix build with gcc 8 -Werror=cast-function-type
   (fd.o #107349, Simon McVittie)
author	Simon McVittie <smcv@collabora.com>	2018-08-02 19:24:07 +0100
committer	Simon McVittie <smcv@collabora.com>	2018-08-02 19:24:07 +0100
commit	b5384f0866a4a1dafb29085494e5ac38ecabe445 (patch)
tree	b59c3b1bf95fdb65e65910f39e645f9cfc8de48b
parent	9ae18e66e4e6902ed793c40ef92345f2ec126cf3 (diff)
download	dbus-b5384f0866a4a1dafb29085494e5ac38ecabe445.tar.gz