9bc4853b12
This is polkit 0.115.
Highlights:
Fixes CVE-2018-1116, a local information disclosure and denial of service
caused by trusting client-submitted UIDs when referencing processes.
Thanks to Matthias Gerstner of the SUSE security team for reporting
this issue.
Changes since polkit 0.114:
Miloslav Trmač (1):
Fix CVE-2018-1116: Trusting client-supplied UID
Ray Strode (3):
Post-release version bump to 0.115
jsauthority: pass "%s" format string to remaining report function
NEWS: fix date from 2017 to 2018 for 0.114 entry
|
||
|---|---|---|
| .. | ||
| patch-src_polkit_polkitunixprocess.c | ||
| patch-src_polkitbackend_polkitbackendinteractiveauthority.c | ||
| patch-src_polkitbackend_polkitbackendjsauthority.cpp | ||
| patch-src_polkitbackend_polkitd.c | ||
| patch-src_programs_pkexec.c | ||
| patch-src_programs_pkttyagent.c | ||
| patch-test_mocklib_src_netdb.c | ||
| patch-test_mocklibc_src_grp.c | ||
| patch-test_mocklibc_src_pwd.c | ||