Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock X-Debbugs-Cc: car...@debian.org,s...@pseudorandom.co.uk
Hi Release team Please unblock package policykit-1 [ Reason ] The upload to unstable, 0.105-31, fixes CVE-2021-3560, cf. #989429 a local privilege escalation vulnerability affecting bullseye due to 0.113 patches backported in 0.105-26. [ Impact ] Unfixed local privilege escalation issue unfixed in bullseye. [ Tests ] None specifically. [ Risks ] Low, IMHO, the patch is very isolated to the change in polkit_system_bus_name_get_creds_sync(). [ Checklist ] [x] all changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in testing [ Other info ] None. unblock policykit-1/0.105-31 Regards, Salvatore
diff -Nru policykit-1-0.105/debian/changelog policykit-1-0.105/debian/changelog --- policykit-1-0.105/debian/changelog 2021-02-04 14:56:09.000000000 +0100 +++ policykit-1-0.105/debian/changelog 2021-06-03 18:06:34.000000000 +0200 @@ -1,3 +1,13 @@ +policykit-1 (0.105-31) unstable; urgency=medium + + [ Salvatore Bonaccorso ] + * d/p/CVE-2021-3560.patch: + Fix local privilege escalation involving + polkit_system_bus_name_get_creds_sync() (CVE-2021-3560) + (Closes: #989429) + + -- Simon McVittie <s...@debian.org> Thu, 03 Jun 2021 17:06:34 +0100 + policykit-1 (0.105-30) unstable; urgency=medium [ Helmut Grohne ] diff -Nru policykit-1-0.105/debian/patches/CVE-2021-3560.patch policykit-1-0.105/debian/patches/CVE-2021-3560.patch --- policykit-1-0.105/debian/patches/CVE-2021-3560.patch 1970-01-01 01:00:00.000000000 +0100 +++ policykit-1-0.105/debian/patches/CVE-2021-3560.patch 2021-06-03 18:06:34.000000000 +0200 @@ -0,0 +1,22 @@ +Description: local privilege escalation using polkit_system_bus_name_get_creds_sync() +Origin: upstream +Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140 +Bug-Debian: https://bugs.debian.org/989429 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2021-06-03 + +--- a/src/polkit/polkitsystembusname.c ++++ b/src/polkit/polkitsystembusname.c +@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName *system_bus + while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error)) + g_main_context_iteration (tmp_context, TRUE); + ++ if (data.caught_error) ++ goto out; ++ + if (out_uid) + *out_uid = data.uid; + if (out_pid) + diff -Nru policykit-1-0.105/debian/patches/series policykit-1-0.105/debian/patches/series --- policykit-1-0.105/debian/patches/series 2021-02-04 14:56:09.000000000 +0100 +++ policykit-1-0.105/debian/patches/series 2021-06-03 18:06:34.000000000 +0200 @@ -60,3 +60,4 @@ Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch Statically-link-libpolkit-backend1-into-polkitd.patch Remove-example-null-backend.patch +CVE-2021-3560.patch
