489953 – bluez: dbus policy broken for CVE-2008-4311 [rhel-5.3.z]

Bug 489953 - bluez: dbus policy broken for CVE-2008-4311 [rhel-5.3.z]

Summary: bluez: dbus policy broken for CVE-2008-4311 [rhel-5.3.z]

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	bluez-utils
Sub Component:
Version:	5.3
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jiri Moskovcak
QA Contact:	desktop-bugs@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	CVE-2008-4311
TreeView+	depends on / blocked

Reported:	2009-03-12 16:54 UTC by Colin Walters
Modified:	2015-02-01 22:48 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	489955 (view as bug list)
Environment:
Last Closed:	2010-10-29 10:05:56 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Comment 2 Tomas Hoger 2009-03-13 10:23:13 UTC

DBus security policy used by bluez-utils need to be updated to work correctly with fixed system message bus security policy (the one that really denies by default, CVE-2008-4311).

Comment 3 Josh Bressers 2009-09-22 19:11:29 UTC

As CVE-2008-4311 has been deferred, this bug obviously follows suit. If CVE-2008-4311 is fixed in a future update, this bug will be addressed there.

Comment 4 Jiri Moskovcak 2010-10-29 10:05:56 UTC

The dbus change never happened, so closing this as DEFEREED.

Note You need to log in before you can comment on or make changes to this bug.