On Wed, 07 Jun 2023 at 14:24:36 +0100, Simon McVittie wrote:
> [ Reason ]
> Fix a local denial of service for which the security team does not intend
> to do a DSA (dbus#457, #1037151; CVE assignment pending).
CVE-2023-34969 was assigned. I didn't think it was worth editing the
changelog and repinning the package just to add that, so the diff I
previously attached is still current.
I went ahead with uploading to bullseye-proposed-updates in the hope that
this will save the release team some time.
> [ ] the issue is verified as fixed in unstable
> - intentionally not done yet due to the full freeze, because dbus
> has udebs
Now fixed in unstable by 1.14.8-1.
smcv
