PublicDateAtUSN: 2013-06-13
Candidate: CVE-2013-2168
PublicDate: 2013-07-03 18:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2168
 https://ubuntu.com/security/notices/USN-1874-1
Description:
 The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in
 D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before
 1.7.4 allows local users to cause a denial of service (service crash) via a
 crafted message.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Alexandru Cornea
Assigned-to: mdeslaur
CVSS: 


Patches_dbus:
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=954d75b2b64e4799f360d2a6bf9cff6d9fee37e7
 upstream: http://cgit.freedesktop.org/dbus/dbus/commit/?id=2420f7ae8b72405de1a41760b213e2e0849b2b8d
upstream_dbus: needs-triage
lucid_dbus: not-affected
precise_dbus: released (1.4.18-1ubuntu1.4)
quantal_dbus: released (1.6.4-1ubuntu4.1)
raring_dbus: released (1.6.8-1ubuntu6.1)
devel_dbus: released (1.6.10-0ubuntu2)