Hello,
polkit-0.115 is now available at
http://www.freedesktop.org/software/polkit/releases/polkit-0.115.tar.gz
http://www.freedesktop.org/software/polkit/releases/polkit-0.115.tar.gz.sign
--------------
polkit 0.115
--------------
WARNING WARNING WARNING: This is a prerelease on the road to polkit
1.0. Public API might change and certain parts of the code still needs
some security review. Use at your own risk.
This is polkit 0.115.
Highlights:
Fixes CVE-2018-1116, a local information disclosure and denial of service
caused by trusting client-submitted UIDs when referencing processes.
Thanks to Matthias Gerstner of the SUSE security team for reporting
this issue.
Build requirements
glib, gobject, gio >= 2.32
mozjs-52
gobject-introspection >= 0.6.2 (optional)
pam (optional)
ConsoleKit OR systemd
Changes since polkit 0.114:
Miloslav Trmač (1):
Fix CVE-2018-1116: Trusting client-supplied UID
Ray Strode (3):
Post-release version bump to 0.115
jsauthority: pass "%s" format string to remaining report function
NEWS: fix date from 2017 to 2018 for 0.114 entry
Thanks to our contributors.
Colin Walters and Miloslav Trmač,
July 10, 2018
_______________________________________________
polkit-devel mailing list
polkit-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/polkit-devel
