[Bug 2061155]

[Alex Murray]

Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Tags added: community-security

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to dbus-broker in Ubuntu.
https://bugs.launchpad.net/bugs/2061155

Title:
  Use-after-close vulnerability in dbus-broker 35. Please upgrade
  package to 36

Status in dbus-broker package in Ubuntu:
  New

Bug description:
  Per https://github.com/bus1/dbus-broker/releases/tag/v36 :

  # dbus-broker - Linux D-Bus Message Broker

  ## CHANGES WITH 36:

      * Fix possible file-descriptor use-after-close, which can lead to
        broker termination or disclosure of internal file-desciptors to
        clients.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: dbus-broker 35-2
  ProcVersionSignature: Ubuntu 6.8.0-22.22-generic 6.8.1
  Uname: Linux 6.8.0-22-generic x86_64
  ApportVersion: 2.28.0-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Apr 12 11:24:50 2024
  InstallationDate: Installed on 2024-04-08 (4 days ago)
  InstallationMedia: Ubuntu 24.04 LTS "Noble Numbat" - Daily amd64 (20240407.2)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: dbus-broker
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus-broker/+bug/2061155/+subscriptions