CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]       2015/07/03 00:52:45

Modified files:
        sysutils/polkit: Tag: OPENBSD_5_7 Makefile distinfo 
        sysutils/polkit/patches: Tag: OPENBSD_5_7 patch-configure_ac 
                                 patch-src_polkitagent_polkitagenthelper-bsdauth_c 
                                 patch-src_polkitbackend_polkitbackendinteractiveauthority_c 
                                 patch-src_polkitbackend_polkitbackendjsauthority_c 
Removed files:
        sysutils/polkit/patches: Tag: OPENBSD_5_7 patch-Makefile_am 
                                 patch-src_polkitagent_polkitagentsession_c 
                                 patch-src_polkitbackend_polkitd_c 

Log message:
SECURITY update to polkit-0.113.

Fixes CVE-2015-4625, a local privilege escalation due to predictable
authentication session cookie values. Thanks to Tavis Ormandy, Google Project
Zero, for reporting this issue. For the future, authentication agents are
encouraged to use PolkitAgentSession instead of using the D-Bus agent response
API directly.

Fixes CVE-2015-3256, various memory corruption vulnerabilities in use of the
JavaScript interpreter, possibly leading to local privilege escalation.

Fixes CVE-2015-3255, a memory corruption vulnerability in handling duplicate
action IDs, possibly leading to local privilege escalation. Thanks to
Laurent Bigonville for reporting this issue.

Fixes CVE-2015-3218, which allowed any local user to crash polkitd. Thanks to
Tavis Ormandy, Google Project Zero, for reporting this issue.
