Your message dated Fri, 18 Apr 2008 00:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#476615: fixed in policykit 0.8-1
has caused the Debian Bug report #476615,
regarding policykit: CVE-2008-1658 format string vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
476615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476615
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: policykit
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for policykit.
CVE-2008-1658[0]:
| Format string vulnerability in the grant helper
| (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers
| to cause a denial of service (crash) and possibly execute arbitrary
| code via format strings in a password.
Patch:
http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1658
http://security-tracker.debian.net/tracker/CVE-2008-1658
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpgoXWrgEcRb.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: policykit
Source-Version: 0.8-1
We believe that the bug you reported is fixed in the latest version of
policykit, which is due to be installed in the Debian FTP archive:
libpolkit-dbus-dev_0.8-1_i386.deb
to pool/main/p/policykit/libpolkit-dbus-dev_0.8-1_i386.deb
libpolkit-dbus2_0.8-1_i386.deb
to pool/main/p/policykit/libpolkit-dbus2_0.8-1_i386.deb
libpolkit-dev_0.8-1_i386.deb
to pool/main/p/policykit/libpolkit-dev_0.8-1_i386.deb
libpolkit-grant-dev_0.8-1_i386.deb
to pool/main/p/policykit/libpolkit-grant-dev_0.8-1_i386.deb
libpolkit-grant2_0.8-1_i386.deb
to pool/main/p/policykit/libpolkit-grant2_0.8-1_i386.deb
libpolkit2_0.8-1_i386.deb
to pool/main/p/policykit/libpolkit2_0.8-1_i386.deb
policykit-doc_0.8-1_all.deb
to pool/main/p/policykit/policykit-doc_0.8-1_all.deb
policykit_0.8-1.diff.gz
to pool/main/p/policykit/policykit_0.8-1.diff.gz
policykit_0.8-1.dsc
to pool/main/p/policykit/policykit_0.8-1.dsc
policykit_0.8-1_i386.deb
to pool/main/p/policykit/policykit_0.8-1_i386.deb
policykit_0.8.orig.tar.gz
to pool/main/p/policykit/policykit_0.8.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[EMAIL PROTECTED]> (supplier of updated policykit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 18 Apr 2008 01:39:08 +0200
Source: policykit
Binary: policykit policykit-doc libpolkit2 libpolkit-dev libpolkit-dbus2
libpolkit-dbus-dev libpolkit-grant2 libpolkit-grant-dev
Architecture: source all i386
Version: 0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <[EMAIL PROTECTED]>
Changed-By: Michael Biebl <[EMAIL PROTECTED]>
Description:
libpolkit-dbus-dev - library for accessing PolicyKit via D-Bus - development
files
libpolkit-dbus2 - library for accessing PolicyKit via D-Bus
libpolkit-dev - library for accessing PolicyKit - development files
libpolkit-grant-dev - library for obtaining privileges via PolicyKit -
development file
libpolkit-grant2 - library for obtaining privileges via PolicyKit
libpolkit2 - library for accessing PolicyKit
policykit - framework for managing administrative policies and privileges
policykit-doc - documentation for PolicyKit
Closes: 476615
Changes:
policykit (0.8-1) unstable; urgency=medium
.
* New upstream release.
- SECURITY - CVE-2008-1658:
Fixes format string vulnerability in the grant helper. (Closes: #476615)
* debian/control
- Add Build-Depends on pkg-config.
Checksums-Sha1:
b68cb43bcf31d77ac8b6a8f9f79405e99746af01 1573 policykit_0.8-1.dsc
4407f36932142d2792896440805a563c8d90e7df 1226699 policykit_0.8.orig.tar.gz
e094447582d470a557cce947041303c5b456e3d4 4398 policykit_0.8-1.diff.gz
b0a0d1d9e04fabeede0986f6dddf6f942350719c 358718 policykit-doc_0.8-1_all.deb
1c8d46be394b9b94a995cfc4c251d87d3295e11f 125514 policykit_0.8-1_i386.deb
e6e360344badfe51dd74096f60df436c8554019b 98302 libpolkit2_0.8-1_i386.deb
37f4d359de1b036a2cdd1ee27cfee77e017bf8c1 117270 libpolkit-dev_0.8-1_i386.deb
551091c6e8b9b14655c9f58912645725a9b5dd76 81194 libpolkit-dbus2_0.8-1_i386.deb
7eed00c9666494c641e4a139eee7e1d6c1ab2ba8 85546
libpolkit-dbus-dev_0.8-1_i386.deb
7bf37baa9df379630aec35c13ff7fc9dfeab7a3d 77898 libpolkit-grant2_0.8-1_i386.deb
86f8c0b3624fb7831e095c9ff3b609aaa2f14c8f 84556
libpolkit-grant-dev_0.8-1_i386.deb
Checksums-Sha256:
2bb2c4cbd928c7698b76557b10de8a231644af57118d0079adf26d77617893fe 1573
policykit_0.8-1.dsc
92ddda8f5ffb0981c9ac50cf419f73796ccee8d94b4c935735f2f30f6ccd21ba 1226699
policykit_0.8.orig.tar.gz
678ba0ed824271a770fbc4c540178c19ab32d0dbd7b9691a23414fbd850e00a3 4398
policykit_0.8-1.diff.gz
e920621fef7e8acbf165b6a59f8dd08b8511a87284098bf379615e074f946893 358718
policykit-doc_0.8-1_all.deb
21d163d2edb243779f900ca4135e0fb0fe05e9170ff6c3ad227f4af916efa4ed 125514
policykit_0.8-1_i386.deb
a0de9f3dc7f4b514f20f1112cc4f3c0c35c372ca150e9d260a552bc8c5339d83 98302
libpolkit2_0.8-1_i386.deb
1741ba4b96062e1eacaaecb5706198b4f3d3062915d0581e6342a7be09d1b2da 117270
libpolkit-dev_0.8-1_i386.deb
3cd768f01a72f0fd6ef58fab1d25b163dc631578f53a9c6d66a29c05f02d350a 81194
libpolkit-dbus2_0.8-1_i386.deb
0dfac32d80418e75eefccbc63d0d973634a814d8eb3e58d697315df5986608b0 85546
libpolkit-dbus-dev_0.8-1_i386.deb
b9b2ca6238c505004096628e6703a6583a1e3c6c9ab85a965745342ae86b2cf5 77898
libpolkit-grant2_0.8-1_i386.deb
1056295064456413be31c0d52b001f31e37c3e2f6bd958d0f29b92694e33ac33 84556
libpolkit-grant-dev_0.8-1_i386.deb
Files:
b6506816e6e97ed68449e5330eca060d 1573 admin optional policykit_0.8-1.dsc
5c1a4445dbd5cb853132766c5d0ab336 1226699 admin optional
policykit_0.8.orig.tar.gz
271f221eaf8c9cc6f78214092105091d 4398 admin optional policykit_0.8-1.diff.gz
19066b038cd040dc96e86b6b543b69d2 358718 doc optional
policykit-doc_0.8-1_all.deb
17796aacfde857918948bb2916481dab 125514 admin optional policykit_0.8-1_i386.deb
9ff8c06f44a2699efb43f2b3f18cd5f8 98302 libs optional libpolkit2_0.8-1_i386.deb
12a72981d990920f81cafaede3614172 117270 libdevel optional
libpolkit-dev_0.8-1_i386.deb
61ec4b68ad44d96badaeb28601b0a690 81194 libs optional
libpolkit-dbus2_0.8-1_i386.deb
d59deb268178bab29df2e0f1b910fe13 85546 libdevel optional
libpolkit-dbus-dev_0.8-1_i386.deb
30ebf11fafd212359355063f6a51be9d 77898 libs optional
libpolkit-grant2_0.8-1_i386.deb
0c1b65c2d721a021ed8e3cfc3f6217c4 84556 libdevel optional
libpolkit-grant-dev_0.8-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFIB+k1h7PER70FhVQRApYxAJ9N78G7pab+0n0FJuLfgoG1GdD89QCggVxQ
1X7aD98qSszCIPxH9090j5E=
=RBxM
-----END PGP SIGNATURE-----
--- End Message ---
