mirrors/nixpkgs
1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 22:20:51 +00:00
Code Issues Wiki Activity

dbus: 1.12.14 -> 1.12.16

Browse source 
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS

It's short and explains the CVE a bit, including below:

> CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
> authentication for identities that differ from the user running the
> DBusServer. Previously, a local attacker could manipulate symbolic
> links in their own home directory to bypass authentication and connect
> to a DBusServer with elevated privileges. The standard system and
> session dbus-daemons in their default configuration were immune to this
> attack because they did not allow DBUS_COOKIE_SHA1, but third-party
> users of DBusServer such as Upstart could be vulnerable.   Thanks to Joe
> Vennix of Apple Information Security.   (dbus#269, Simon McVittie)
This commit is contained in:
Will Dietz 2019-06-11 17:03:50 -05:00 committed by Frederik Rietdijk
parent 40ff73327d
commit 6d7cdd7f8b
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
pkgs/development/libraries/dbus/default.nix
View file

@ -6,8 +6,8 @@ assert x11Support -> libX11 != null
&& libSM != null;
let
version = "1.12.14";
sha256 = "13aca7gzgl7z1dfdipfs23773w8n6z01d4rj5kmssv4gms8c5ya4";
version = "1.12.16";
sha256 = "107ckxaff1cv4q6kmfdi2fb1nlsv03312a7kf6lb4biglhpjv8jl";
self = stdenv.mkDerivation {
name = "dbus-${version}";