Description: A vulnerability was reported in D-BUS. A local user can send D-BUS messages to other users. Daniel Reed reported that the session bus does not restrict connections base on the user's uid. A local user can invoke dbus-send to connect to another user's session bus. The flaw resides in 'bus/policy.c'. Impact: A local user can send D-BUS messages to other users.
A patch is available here: https://bugs.freedesktop.org/show_bug.cgi?id=2436
CAN-2005-0201 Impact is unclear, I fear information leak may not be the worse we can expect... foser/base-system, please evaluate FreeDesktop bug and patch accordingly.
added the suggested patch to 0.23-r3 and marked x86 impact is minor imo as discussed on irc
stable on ppc64
Stable on ppc.
stable on amd64
GLSA vote, I vote NO.
I vote NO -> closing.
Tada, now actually closing, sorry for the spam:-)
*** Bug 95671 has been marked as a duplicate of this bug. ***