community/seatd: upgrade to 0.6.4 (!31332) · Merge requests · alpine / aports

Patrycja Rosa requested to merge ptrcnull/aports:seatd into master Feb 22, 2022

seatd 0.6.4

This release contains a security fix for a vulnerability in the seatd-launch executable.

A user could specify a socket path that collides with an existing file. If seatd-launch had the SUID bit set and was owned by a privileged user, this could be used to remove files that the calling user itself did not have sufficient privileges to remove.

seatd and libseat are not affected by this vulnerability.

Edited Feb 22, 2022 by Patrycja Rosa

community/seatd: upgrade to 0.6.4

Merge request reports