Date: Sun, 10 Feb 2019 19:21:11 +0000 (UTC) From: "Tobias C. Berner" <tcberner@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r492631 - in branches/2019Q1/devel/kf5-kauth: . files Message-ID: <201902101921.x1AJLBTm089307@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: tcberner Date: Sun Feb 10 19:21:10 2019 New Revision: 492631 URL: https://svnweb.freebsd.org/changeset/ports/492631 Log: MFH: r492623 devel/kf5-kauth: add fix for CVE-2019-7443 From https://www.kde.org/info/security/advisory-20190209-1.txt : KDE Project Security Advisory ============================= Title: kauth: Insecure handling of arguments in helpers Risk Rating: Medium CVE: CVE-2019-7443 Versions: KDE Frameworks < 5.55.0 Date: 9 February 2019 Overview ======== KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins. Solution ======== Update to kauth >= 5.55.0 Or apply the following patch to kauth: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a Credits ======= Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix. Security: CVE-2019-7443 Approved by: ports-secteam (joneum) Added: branches/2019Q1/devel/kf5-kauth/files/ - copied from r492623, head/devel/kf5-kauth/files/ Modified: branches/2019Q1/devel/kf5-kauth/Makefile Directory Properties: branches/2019Q1/ (props changed) Modified: branches/2019Q1/devel/kf5-kauth/Makefile ============================================================================== --- branches/2019Q1/devel/kf5-kauth/Makefile Sun Feb 10 19:13:11 2019 (r492630) +++ branches/2019Q1/devel/kf5-kauth/Makefile Sun Feb 10 19:21:10 2019 (r492631) @@ -2,6 +2,7 @@ PORTNAME= kauth DISTVERSION= ${KDE_FRAMEWORKS_VERSION} +PORTREVISION= 2 CATEGORIES= devel kde kde-frameworks MAINTAINER= kde@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201902101921.x1AJLBTm089307>