[Bug 256405] sysutils/polkit: Update to 0.119

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 19 Jun 2021 16:14:42 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256405

--- Comment #6 from Bob Frazier <bobf_at_mrp3.com> ---
I just found this pull request patch related to polkit and CVE-2021-3560

https://github.com/microsoft/CBL-Mariner/pull/1010/commits/3e224606ab982726c118e334736aa51d158b846c

I do not know if it is enough to fix everything but it looks like it's the only
one related to the CVE report.

This patch was apparently committed on 6/3 if I do my date math correctly

I checked the source tarball and it appears to have the patch applied, at least
for that line of code, and is dated 6/3 (along with the patch).

If polkit 0.119 already has this patched, then maybe it's ok now?  I did not
see a newer version of the code available on the polkit tarball site, nor find
any other related patches.

(so maybe confirm it with upstream and then good to go?)

-- 
You are receiving this mail because:
You are the assignee for the bug.
Received on Sat Jun 19 2021 - 16:14:42 UTC

Original text of this message