Date: Sat, 19 Jun 2021 16:14:42 +0000 From: bugzilla-noreply@freebsd.org To: desktop@FreeBSD.org Subject: [Bug 256405] sysutils/polkit: Update to 0.119 Message-ID: <bug-256405-39348-y92AtZBPl2@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-256405-39348@https.bugs.freebsd.org/bugzilla/> References: <bug-256405-39348@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D256405 --- Comment #6 from Bob Frazier <bobf@mrp3.com> --- I just found this pull request patch related to polkit and CVE-2021-3560 https://github.com/microsoft/CBL-Mariner/pull/1010/commits/3e224606ab982726= c118e334736aa51d158b846c I do not know if it is enough to fix everything but it looks like it's the = only one related to the CVE report. This patch was apparently committed on 6/3 if I do my date math correctly I checked the source tarball and it appears to have the patch applied, at l= east for that line of code, and is dated 6/3 (along with the patch). If polkit 0.119 already has this patched, then maybe it's ok now? I did not see a newer version of the code available on the polkit tarball site, nor f= ind any other related patches. (so maybe confirm it with upstream and then good to go?) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-256405-39348-y92AtZBPl2>