https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247730
--- Comment #3 from commit-h...@freebsd.org --- A commit references this bug: Author: tcberner Date: Mon Jul 6 06:22:38 UTC 2020 New revision: 541312 URL: https://svnweb.freebsd.org/changeset/ports/541312 Log: devel/dbus: update to 1.12.20 From upstreams changelog [1]: dbus 1.12.20 (2020-07-02) ========================= The ?temporary nemesis? release. Maybe security fixes: ? On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if <policy group=...> is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. Thanks to Daniel Onaca. (dbus#305, dbus!166; Simon McVittie) Other fixes: ? On Solaris and its derivatives, if a cmsg header is truncated, ensure that we do not overrun the buffer used for fd-passing, even if the kernel tells us to. (dbus#304, dbus!165; Andy Fiddaman) [1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS PR: 247730 Exp-run by: antoine MFH: 2020Q3 Changes: head/devel/dbus/Makefile head/devel/dbus/distinfo head/devel/dbus/pkg-plist -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ freebsd-desktop@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-desktop To unsubscribe, send any mail to "freebsd-desktop-unsubscr...@freebsd.org"
