All times are UTC
non port: devel/kf5-kauth/files

Number of commits found: 4

Tuesday, 12 Feb 2019
17:48 tcberner
Update KDE Frameworks to 5.55.0

Release Announcement:
  https://www.kde.org/announcements/kde-frameworks-5.55.0.php

PR:		235620
Exp-run by:	antoine
Revision: 492794

Sunday, 10 Feb 2019
18:04 tcberner
devel/kf5-kauth: add fix for CVE-2019-7443

From https://www.kde.org/info/security/advisory-20190209-1.txt :

KDE Project Security Advisory
=============================

Title:          kauth: Insecure handling of arguments in helpers
Risk Rating:    Medium
CVE:            CVE-2019-7443
Versions:       KDE Frameworks < 5.55.0
Date:           9 February 2019

Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.

Solution
========
Update to kauth >= 5.55.0

Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.

MFH:		2019Q1
Security:	CVE-2019-7443
Revision: 492623

Saturday, 20 May 2017
10:24 tcberner
Update KDE Frameworks to 5.34.0

PR:		219314
Reviewed by:	rakuco
Exp-run by:	antoine
Approved by:	rakuco (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D10747
Revision: 441306

Wednesday, 10 May 2017
12:03 tcberner
Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauth

KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.

This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.

https://www.kde.org/info/security/advisory-20170510-1.txt

Reviewed by:	rakuco
Approved by:	rakuco (mentor)
Obtained from:	https://www.kde.org/info/security/advisory-20170510-1.txt
MFH:		2017Q2
Security:	CVE-2017-8422
Differential Revision:	https://reviews.freebsd.org/D10660
Revision: 440556
