notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)Want a good monitor light? See my photosAll times are UTC		 Ukraine
non port: devel/kf5-kauth/files

Number of commits found: 4

Tuesday, 12 Feb 2019
17:48 tcberner search for other commits by this committer 
Update KDE Frameworks to 5.55.0

Release Announcement:
  https://www.kde.org/announcements/kde-frameworks-5.55.0.php

PR:		235620
Exp-run by:	antoine
Original commitRevision:492794 
Sunday, 10 Feb 2019
18:04 tcberner search for other commits by this committer 
devel/kf5-kauth: add fix for CVE-2019-7443

From https://www.kde.org/info/security/advisory-20190209-1.txt :

KDE Project Security Advisory
=============================

Title:          kauth: Insecure handling of arguments in helpers
Risk Rating:    Medium
CVE:            CVE-2019-7443
Versions:       KDE Frameworks < 5.55.0
Date:           9 February 2019

Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.

Solution
========
Update to kauth >= 5.55.0

Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.

MFH:		2019Q1
Security:	CVE-2019-7443
Original commitRevision:492623 
Saturday, 20 May 2017
10:24 tcberner search for other commits by this committer 
Update KDE Frameworks to 5.34.0

PR:		219314
Reviewed by:	rakuco
Exp-run by:	antoine
Approved by:	rakuco (mentor, implicit)
Differential Revision:	https://reviews.freebsd.org/D10747
Original commitRevision:441306 
Wednesday, 10 May 2017
12:03 tcberner search for other commits by this committer 
Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauth

KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.

This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.

https://www.kde.org/info/security/advisory-20170510-1.txt

Reviewed by:	rakuco
Approved by:	rakuco (mentor)
Obtained from:	https://www.kde.org/info/security/advisory-20170510-1.txt
MFH:		2017Q2
Security:	CVE-2017-8422
Differential Revision:	https://reviews.freebsd.org/D10660
Original commitRevision:440556 

Number of commits found: 4
Login
User Login
Create account

Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD

This site
What is FreshPorts?
About the authors
Issues
FAQ
How big is it?
Security Policy
Privacy
Blog
Contact

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
gnutlsNov 21
chromiumNov 18
ungoogled-chromiumNov 18
openvpnNov 17
openvpn-develNov 17
openvpn-develNov 17
pkcs11-helperNov 17
py-pdfminer.sixNov 17
sudo-rsNov 16
sudo-rsNov 16
postgresql13-clientNov 14
postgresql14-clientNov 14
postgresql15-clientNov 14
postgresql16-clientNov 14
postgresql17-clientNov 14

18 vulnerabilities affecting 274 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities

Last processed:
2025-11-21 11:10:32 UTC


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds

Statistics
Graphs
NEW Graphs (Javascript)

Calculated hourly:
Port count 33947
Broken 125
Deprecated 258
Ignore 241
Forbidden 0
Restricted 2
No CDROM 1
Vulnerable 35
Expired 9
Set to expire 203
Interactive 0
new 24 hours 1
new 48 hours4
new 7 days17
new fortnight64
new month151
Servers and bandwidth provided by
New York Internet, iXsystems, and RootBSD 		Valid HTML, CSS, and RSS. Copyright © 2000-2025 Dan Langille. All rights reserved.