question regarding CVE-2019-25058

USBGuard / usbguard

USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)

https://usbguard.github.io/

GNU General Public License v2.0

1.12k stars 138 forks source link

question regarding CVE-2019-25058 #538

Closed rfrohl closed 2 years ago

rfrohl commented 2 years ago

Hi,

the release notes for 1.1.0 state:

Fix unauthorized access via D-Bus [CVE-2019-25058]

I wanted to confirm that the fix would be only:

https://github.com/USBGuard/usbguard/commit/2c8c1ae10a6330736bf2a2d7d8682674b1db47dc

I was a bit unsure where the '2019' comes from. But there does not seem to be any references at the moment.

Thanks!

hartwork commented 2 years ago

@rfrohl no, that's not enough. You will need everything but the GitHub Actions bytes from #531. filterdiff(1) may be of help, just an idea.

rfrohl commented 2 years ago

thanks for the quick response!