[Bug 256405] sysutils/polkit: Update to 0.119

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 11 Jun 2021 20:05:48 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256405

Bob Frazier <bobf_at_mrp3.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bobf_at_mrp3.com

--- Comment #4 from Bob Frazier <bobf_at_mrp3.com> ---
A new vulnerability in polkit has been discovered on Linux

https://access.redhat.com/security/cve/CVE-2021-3560

This discusses the details of it and steps to repro:

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/


I have not tried to repro this with older versions of polkit yet (I have
0.114_2 installed on this system, for example) but it is probably worth
investigating before releasing an update of the port.

CVE-2021-3560 was apparently recently discovered and reported yesterday

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Fri Jun 11 2021 - 20:05:48 UTC

Original text of this message