Revision 440556


Author: tcberner
Date: Wed May 10 12:03:58 2017 UTC (7 years, 5 months ago)
Changed paths: 5
Log Message:
Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauth

KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.

This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.

https://www.kde.org/info/security/advisory-20170510-1.txt

Reviewed by:	rakuco
Approved by:	rakuco (mentor)
Obtained from:	https://www.kde.org/info/security/advisory-20170510-1.txt
MFH:		2017Q2
Security:	CVE-2017-8422
Differential Revision:	https://reviews.freebsd.org/D10660


Changed paths

Path	Details
head/devel/kf5-kauth/Makefile	modified, text changed
head/devel/kf5-kauth/files/	added
head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422	added
head/x11/kdelibs4/Makefile	modified, text changed
head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422	added
