K 10
svn:author
V 8
tcberner
K 8
svn:date
V 27
2019-02-10T19:21:10.888784Z
K 7
svn:log
V 907
MFH: r492623

devel/kf5-kauth: add fix for CVE-2019-7443

From https://www.kde.org/info/security/advisory-20190209-1.txt :

KDE Project Security Advisory
=============================

Title:          kauth: Insecure handling of arguments in helpers
Risk Rating:    Medium
CVE:            CVE-2019-7443
Versions:       KDE Frameworks < 5.55.0
Date:           9 February 2019

Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.

Solution
========
Update to kauth >= 5.55.0

Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.

Security:	CVE-2019-7443

Approved by:	ports-secteam (joneum)

END