mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-15 10:12:58 +00:00
6d7cdd7f8b
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS It's short and explains the CVE a bit, including below: > CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 > authentication for identities that differ from the user running the > DBusServer. Previously, a local attacker could manipulate symbolic > links in their own home directory to bypass authentication and connect > to a DBusServer with elevated privileges. The standard system and > session dbus-daemons in their default configuration were immune to this > attack because they did not allow DBUS_COOKIE_SHA1, but third-party > users of DBusServer such as Upstart could be vulnerable. Thanks to Joe > Vennix of Apple Information Security. (dbus#269, Simon McVittie) |
||
---|---|---|
.. | ||
default.nix | ||
implement-getgrouplist.patch | ||
make-dbus-conf.nix | ||
make-session-conf.xsl | ||
make-system-conf.xsl | ||
systemd.patch |