Candidate: CVE-2009-1189
PublicDate: 2009-04-27 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1189
 https://ubuntu.com/security/notices/USN-799-1
Description:
 The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c)
 in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic
 type, which allows remote attackers to spoof a signature via a crafted key.
  NOTE: this is due to an incorrect fix for CVE-2008-3834.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.freedesktop.org/show_bug.cgi?id=17803
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532720
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=e8f8c1c5a2bddfbf43c168323c9c9fd78f51a643
upstream_dbus: released (1.2.14)
dapper_dbus: released (0.60-6ubuntu8.4)
hardy_dbus: released (1.1.20-1ubuntu3.3)
intrepid_dbus: released (1.2.4-0ubuntu1.1)
jaunty_dbus: released (1.2.12-0ubuntu2.1)
devel_dbus: not-affected (1.2.14-2ubuntu5)