diff options
author | Will Dietz <w@wdtz.org> | 2019-06-11 17:03:50 -0500 |
---|---|---|
committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2019-06-15 18:16:58 +0200 |
commit | 6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28 (patch) | |
tree | 71bd391d3d2137801d4d150acb6b165e5743be48 /pkgs/development/libraries/dbus | |
parent | 40ff73327d60275457368a070cb39ef8bba2cf7e (diff) | |
download | nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.tar nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.tar.gz nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.tar.bz2 nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.tar.lz nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.tar.xz nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.tar.zst nixpkgs-6d7cdd7f8b5b36c66de08ec0b0006d4c6f5d5f28.zip |
dbus: 1.12.14 -> 1.12.16
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS It's short and explains the CVE a bit, including below: > CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 > authentication for identities that differ from the user running the > DBusServer. Previously, a local attacker could manipulate symbolic > links in their own home directory to bypass authentication and connect > to a DBusServer with elevated privileges. The standard system and > session dbus-daemons in their default configuration were immune to this > attack because they did not allow DBUS_COOKIE_SHA1, but third-party > users of DBusServer such as Upstart could be vulnerable. Thanks to Joe > Vennix of Apple Information Security. (dbus#269, Simon McVittie)
Diffstat (limited to 'pkgs/development/libraries/dbus')
-rw-r--r-- | pkgs/development/libraries/dbus/default.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix index 60d0cc81d2b..abc32b90c6b 100644 --- a/pkgs/development/libraries/dbus/default.nix +++ b/pkgs/development/libraries/dbus/default.nix @@ -6,8 +6,8 @@ assert x11Support -> libX11 != null && libSM != null; let - version = "1.12.14"; - sha256 = "13aca7gzgl7z1dfdipfs23773w8n6z01d4rj5kmssv4gms8c5ya4"; + version = "1.12.16"; + sha256 = "107ckxaff1cv4q6kmfdi2fb1nlsv03312a7kf6lb4biglhpjv8jl"; self = stdenv.mkDerivation { name = "dbus-${version}"; |