1. 05 Feb, 2015 1 commit
  2. 24 Nov, 2014 1 commit
  3. 06 Nov, 2014 2 commits
  4. 15 Sep, 2014 1 commit
    • Simon McVittie's avatar
      Fix several security issues · cf717118
      Simon McVittie authored
        - CVE-2014-3635: do not accept an extra fd in cmsg padding,
          avoiding a buffer overrun in dbus-daemon or system services
        - CVE-2014-3636: reduce maximum number of file descriptors
           per message from 1024 to 16, to avoid two separate denial-of-service
           attacks that could cause system services to be dropped from the bus
        - CVE-2014-3637: time out connections that have a
           partially-sent message containing a file descriptor, so that
           malicious processes cannot use self-referential file descriptors
           to make a connection that will never close
        - CVE-2014-3638: reduce maximum number of pending replies
          per connection to avoid algorithmic complexity DoS
        - CVE-2014-3639: reduce timeout for authentication and
          do not accept() new connections when all unauthenticated connection
          slots are in use, so that malicious processes cannot prevent new
          connections to the system bus
      cf717118
  5. 30 Jun, 2014 1 commit
  6. 06 Jun, 2014 1 commit
  7. 05 Jun, 2014 1 commit
  8. 12 Jun, 2013 1 commit
  9. 29 Sep, 2012 6 commits
  10. 18 Jul, 2012 5 commits
  11. 03 Jul, 2012 2 commits
  12. 27 Jun, 2012 4 commits
  13. 05 Jun, 2012 9 commits
  14. 27 Mar, 2012 5 commits