--- - branch: pkgsrc-2018Q2 date: Fri Aug 24 19:18:27 UTC 2018 files: - new: 1.11.2.1 old: '1.11' path: pkgsrc/security/polkit/Makefile pathrev: pkgsrc/security/polkit/Makefile@1.11.2.1 type: modified - new: 1.7.2.1 old: '1.7' path: pkgsrc/security/polkit/distinfo pathrev: pkgsrc/security/polkit/distinfo@1.7.2.1 type: modified - new: 1.5.2.1 old: '1.5' path: pkgsrc/security/polkit/patches/patch-src_polkit_polkitunixprocess.c pathrev: pkgsrc/security/polkit/patches/patch-src_polkit_polkitunixprocess.c@1.5.2.1 type: modified id: 20180824T191827Z.6b28d09941a20fe8b6a20feec3b2cce91e181600 log: "Pullup ticket #5814 - requested by wiz\nsecurity/polkit: security fix\n\nRevisions pulled up:\n- security/polkit/Makefile 1.12\n- security/polkit/distinfo 1.8\n- security/polkit/patches/patch-src_polkit_polkitunixprocess.c \ 1.6\n\n---\n Module Name:\tpkgsrc\n Committed By:\twiz\n Date:\t\tThu Aug 16 12:30:43 UTC 2018\n\n Modified Files:\n \tpkgsrc/security/polkit: Makefile distinfo\n \tpkgsrc/security/polkit/patches: patch-src_polkit_polkitunixprocess.c\n\n \ Log Message:\n polkit: update to 0.115.\n\n This is polkit 0.115.\n\n Highlights:\n \ Fixes CVE-2018-1116, a local information disclosure and denial of service\n \ caused by trusting client-submitted UIDs when referencing processes.\n Thanks to Matthias Gerstner of the SUSE security team for reporting\n this issue.\n\n \ Changes since polkit 0.114:\n\n Miloslav TrmaƄ\x8D (1):\n Fix CVE-2018-1116: Trusting client-supplied UID\n\n Ray Strode (3):\n Post-release version bump to 0.115\n jsauthority: pass \"%s\" format string to remaining report function\n NEWS: fix date from 2017 to 2018 for 0.114 entry\n" module: pkgsrc subject: 'CVS commit: [pkgsrc-2018Q2] pkgsrc/security/polkit' unixtime: '1535138307' user: bsiegert