Announcing the release of seatd 0.6.2.
https://git.sr.ht/~kennylevinsen/seatd/refs/0.6.2
---
seatd 0.6.2
This relase contains a security fix for a vulnerability in the
seatd-launch executable.
A user could manipulate the PATH environment variable to cause
seatd-launch to load a different executable than seatd. If seatd-launch
had the SUID bit set and was owned by a privileged user, this could be
used to mount a privilege escalation attack.
seatd and libseat are not affected by this vulnerability.
Kenny Levinsen (4):
ci: Install seatd instead of manipulating PATH
seatd-launch: Use absolute path for seatd
seatd-launch: Specify exact environment to seatd
Bump version to 0.6.2