svn commit: r492631 - in branches/2019Q1/devel/kf5-kauth: . files
Tobias C. Berner
tcberner at FreeBSD.org
Sun Feb 10 19:21:11 UTC 2019
Author: tcberner
Date: Sun Feb 10 19:21:10 2019
New Revision: 492631
URL: https://svnweb.freebsd.org/changeset/ports/492631
Log:
MFH: r492623
devel/kf5-kauth: add fix for CVE-2019-7443
From https://www.kde.org/info/security/advisory-20190209-1.txt :
KDE Project Security Advisory
=============================
Title: kauth: Insecure handling of arguments in helpers
Risk Rating: Medium
CVE: CVE-2019-7443
Versions: KDE Frameworks < 5.55.0
Date: 9 February 2019
Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.
Solution
========
Update to kauth >= 5.55.0
Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.
Security: CVE-2019-7443
Approved by: ports-secteam (joneum)
Added:
branches/2019Q1/devel/kf5-kauth/files/
- copied from r492623, head/devel/kf5-kauth/files/
Modified:
branches/2019Q1/devel/kf5-kauth/Makefile
Directory Properties:
branches/2019Q1/ (props changed)
Modified: branches/2019Q1/devel/kf5-kauth/Makefile
==============================================================================
--- branches/2019Q1/devel/kf5-kauth/Makefile Sun Feb 10 19:13:11 2019 (r492630)
+++ branches/2019Q1/devel/kf5-kauth/Makefile Sun Feb 10 19:21:10 2019 (r492631)
@@ -2,6 +2,7 @@
PORTNAME= kauth
DISTVERSION= ${KDE_FRAMEWORKS_VERSION}
+PORTREVISION= 2
CATEGORIES= devel kde kde-frameworks
MAINTAINER= kde at FreeBSD.org
More information about the svn-ports-branches
mailing list