Hello, polkit-0.115 is now available at http://www.freedesktop.org/software/polkit/releases/polkit-0.115.tar.gz http://www.freedesktop.org/software/polkit/releases/polkit-0.115.tar.gz.sign
-------------- polkit 0.115 -------------- WARNING WARNING WARNING: This is a prerelease on the road to polkit 1.0. Public API might change and certain parts of the code still needs some security review. Use at your own risk. This is polkit 0.115. Highlights: Fixes CVE-2018-1116, a local information disclosure and denial of service caused by trusting client-submitted UIDs when referencing processes. Thanks to Matthias Gerstner of the SUSE security team for reporting this issue. Build requirements glib, gobject, gio >= 2.32 mozjs-52 gobject-introspection >= 0.6.2 (optional) pam (optional) ConsoleKit OR systemd Changes since polkit 0.114: Miloslav Trmač (1): Fix CVE-2018-1116: Trusting client-supplied UID Ray Strode (3): Post-release version bump to 0.115 jsauthority: pass "%s" format string to remaining report function NEWS: fix date from 2017 to 2018 for 0.114 entry Thanks to our contributors. Colin Walters and Miloslav Trmač, July 10, 2018 _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/polkit-devel