| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2022-23220-usbview.policy.patch | Fix authorization for inactive or arbitrary other users (CVE-2022-23220) The original settings effectively mean that only a user in a local and active (graphical) session needs to enter a root password to run usbview as root. Users in inactive (e.g. locked) sessions or arbitrary other users (e.g. logged in via SSH) can run usbview as root without providing any authentication at all. diff --git a/org.freedesktop.pkexec.usbview.policy b/org.freedesktop.pkexec.usbview.policy index 0f0bb34..d2c477d 100644 |
Matthias Gerstner <mgerstner@suse.de> | no | vendor | 2022-01-15 | |
| pkexec-hardening.patch | Pass on the command line parameters to GTK only if not invoked via pkexec diff --git a/main.c b/main.c index e0cb7c1..5f7a1e7 100644 |
Matthias Gerstner <mgerstner@suse.de> | no | vendor | 2022-01-15 |