Update NEWS

author: Simon McVittie <smcv@collabora.com> 2018-08-02 19:23:52 +0100
committer: Simon McVittie <smcv@collabora.com> 2018-08-02 19:23:52 +0100
commit: 7e6b3abcf810e0a40313d0f46893e055184cb2fc (patch)
tree: ddccca6d72e5caf480e6655b634f7b651b086bb1 /NEWS
parent: e93a775e68daeda5c95984452aee6327e31c17dd (diff)
download: dbus-7e6b3abcf810e0a40313d0f46893e055184cb2fc.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b38d3d74..3d5359c7 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,12 @@ dbus 1.13.6 (UNRELEASED)
 
 Fixes:
 
+• Prevent reading up to 3 bytes beyond the end of a truncated message.
+  This could in principle be an information leak or denial of service
+  on the system bus, but is not believed to be exploitable to crash
+  the system bus or leak interesting information in practice.
+  (fd.o #107332, Simon McVittie)
+
 • Fix build with gcc 8 -Werror=cast-function-type
   (fd.o #107349, Simon McVittie)
author	Simon McVittie <smcv@collabora.com>	2018-08-02 19:23:52 +0100
committer	Simon McVittie <smcv@collabora.com>	2018-08-02 19:23:52 +0100
commit	7e6b3abcf810e0a40313d0f46893e055184cb2fc (patch)
tree	ddccca6d72e5caf480e6655b634f7b651b086bb1 /NEWS
parent	e93a775e68daeda5c95984452aee6327e31c17dd (diff)
download	dbus-7e6b3abcf810e0a40313d0f46893e055184cb2fc.tar.gz