author Miloslav Trmač <mitr@redhat.com> 2018-07-03 22:12:18 +0200
committer Miloslav Trmač <mitr@redhat.com> 2018-07-03 22:12:18 +0200
commit b0a5d0f1a5b835819da630a6d27ed89dd4d7f464 (patch)
tree 5f650ac9fab946a85664755e028cb2d3cd6ccd80
parent bc7ffad53643a9c80231fc41f5582d6a8931c32c (diff)
Update NEWS for release 0.115
-rw-r--r-- NEWS 17
1 files changed, 13 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index b440c5b..6a4ac62 100644
--- a/NEWS
+++ b/NEWS
@@ -9,24 +9,33 @@ some security review. Use at your own risk.
This is polkit 0.115.
Highlights:
- TODO
+ Fixes CVE-2018-1116, a local information disclosure and denial of service
+ caused by trusting client-submitted UIDs when referencing processes.
+ Thanks to Matthias Gerstner of the SUSE security team for reporting
+ this issue.
Build requirements
glib, gobject, gio >= 2.32
- mozjs185 or mozjs-17.0
+ mozjs-52
gobject-introspection >= 0.6.2 (optional)
pam (optional)
ConsoleKit OR systemd
Changes since polkit 0.114:
- TODO
+Miloslav Trmač (1):
+ Fix CVE-2018-1116: Trusting client-supplied UID
+
+Ray Strode (3):
+ Post-release version bump to 0.115
+ jsauthority: pass "%s" format string to remaining report function
+ NEWS: fix date from 2017 to 2018 for 0.114 entry
Thanks to our contributors.
Colin Walters and Miloslav Trmač,
-$DATE
+July 10, 2018
--------------
polkit 0.114
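Review bot: the Build requirements line changes from "mozjs185 or mozjs-17.0" to "mozjs-52", but none of the four entries under "Changes since polkit 0.114" mentions a JavaScript engine change, so a packager cannot tell from this file whether the requirement is new in 0.115 or was already in effect and the NEWS text was stale. Suggest a one-line note in Highlights or in the change list stating which release introduced the mozjs-52 requirement. Separately, the CVE-2018-1116 highlight describes the impact and cause but not which releases are affected or what an administrator should do beyond upgrading; a short "affects ..., fixed in 0.115" sentence would let readers triage without looking up the advisory. The release date "July 10, 2018" is also later than the commit date of 2018-07-03, which is fine if the release is scheduled for that date but is worth confirming before tagging.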