[CVE-2008-4311] DBus 1.2.6

Please don’t yet update DBus for CVE-2008-4311. It’s known to break PackageKit, cups, ConsoleKit, DeviceKit, DeviceKit-power, gdm, and system-config-services. There’s a partial bugfix that has been pushed so PackageKit tools still run (without the GetTid or SetLocale errors), but as introspection is still broken they’ll be odd little warnings and errors for other stuff.

I do understand how important this update is, but given this wasn’t a root login vulnerability, or anything crazy like that, I’m surprised it didn’t sit in updates-testing for a few days to fix up all the other system daemons. The worst bit is that it’s broken automatic updates for thousands of people.

I’m planning to spend this morning closing duplicate bugzillas. Fun.