| Summary: | app-accessibility/brltty: Authentication bypass issue | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | minor | CC: | accessibility |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1326800 | ||
| Whiteboard: | B3 [upstream] | ||
| Package list: | Runtime testing required: | --- | |
This issue does not affect the current ebuild in the tree. The vulnerable code was not introduced until after the 5.2 release, as discussed on the RedHat bugzilla and verified in the source tarball. |
From ${URL} : An authentication bypass issue was found in brltty that is using polkit to control access to system resources using PID of the process connecting to the server socket. CVE request: http://seclists.org/oss-sec/2016/q2/59 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.