Your message dated Tue, 15 Jan 2019 16:57:03 +0000
with message-id <[email protected]>
and subject line Bug#918985: fixed in policykit-1 0.105-25
has caused the Debian Bug report #918985,
regarding policykit-1: CVE-2019-6133: temporary auth hijacking via PID reuse 
and non-atomic fork
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
918985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: policykit-1
Version: 0.105-23
Severity: important
Tags: patch security upstream
Forwarded: https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
Control: found -1 0.105-18

Hi,

The following vulnerability was published for policykit-1.

CVE-2019-6133[0]:
polkit: temporary auth hijacking via PID reuse and non-atomic fork

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6133
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6133
[1] https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
[2] https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
[3] 
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: policykit-1
Source-Version: 0.105-25

We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bicha <[email protected]> (supplier of updated policykit-1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Jan 2019 11:11:58 -0500
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 
libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev 
libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source
Version: 0.105-25
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team 
<[email protected]>
Changed-By: Jeremy Bicha <[email protected]>
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-backend-1-0 - PolicyKit backend API
 libpolkit-backend-1-dev - PolicyKit backend API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Closes: 918985
Changes:
 policykit-1 (0.105-25) unstable; urgency=medium
 .
   * Team upload
   * Add tests-add-tests-for-high-uids.patch
     - Patch from upstream modified by Ubuntu to test high UID fix
   * Compare PolkitUnixProcess uids for temporary authorizations.
     - Fix temporary auth hijacking via PID reuse and non-atomic fork
       (CVE-2019-6133) (Closes: #918985)
Checksums-Sha1:
 1457d79e301b6ee08fb78c01d81a89795d58eb10 2923 policykit-1_0.105-25.dsc
 c126ac27da15187b530d41685b26986ebabb621d 67080 
policykit-1_0.105-25.debian.tar.xz
 539155f4f22d7205f1197827a3139f9f00dedfe2 9861 
policykit-1_0.105-25_source.buildinfo
Checksums-Sha256:
 104435a5dbbff1f653ba63cfcbe7b9f04153734b12056ca0bead2d0844aaf355 2923 
policykit-1_0.105-25.dsc
 7f4cf6d1759fc01b909321d802063d5c94a5025bf0b95cd7050bea6c4656d3e9 67080 
policykit-1_0.105-25.debian.tar.xz
 76eb9da6f52d33c3cd98ae16168862e4a6dccac2b491aa9082ba010b523b9d7a 9861 
policykit-1_0.105-25_source.buildinfo
Files:
 cf589f962fb79a9a28aa87f627a4325a 2923 admin optional policykit-1_0.105-25.dsc
 d8d909b2d99945fd68e5257810fee316 67080 admin optional 
policykit-1_0.105-25.debian.tar.xz
 61a7b7fa036737902bc1c5b21db26943 9861 admin optional 
policykit-1_0.105-25_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAlw+C64ACgkQ5mx3Wuv+
bH1m0BAAzbx/TFoy16st7/ydrNnl4pv9RcjBoM7pI1yoplb0DMYGD3WurKRw52Tz
omUK/L2/6LwFIMPsLclVU7jpZ4pCsIoJYEIUSmy3rqhYQkh/AxH4UPSQ8BkGEqqy
bIQg/Jx1Ov/kNz75AhJOXl8VhDWSHHHLV/PX5bGuBlpz+RfLxzcCExxm65M9CSQu
cch9swUGOfVSMkmoG6p7smjGH/c/8oWZIoKZqDZPw0nbQRcbobI/2CKUWbby9AWj
WmsTpQS5yovPJSdtYAs3acLxK2XDhszqg941aukcAXfKYBPHUQyrs87Kq67pMiKs
nYfUPh1xm+mgap6o7QR0IZvA6ICqr25Dd75RgeDb26QJONktIWsxyGsGt8Us9pcG
0c7xlyKnBN08S04dn2jCBmSBmlbfoznZcJgFGvir5SEiKJrS4pxr10FO0V4B/+Xq
NIhZlzE23zXfkf0Yp3oUfa+IYv0LQLCI5JtBwoutUkf26s3G4kZMXxWmBj5eab2+
Ftj0YT4vcPKPo01qSo/oWwYe5R1ey2GdSBX7jwwMF7eaS9jok3yxGpvgnip3s2EK
fsdz5u2hF+NQ8lJPIFSzj4cY24hQaqdOMuB7i0tLxtdhs4BltsDB1gQXXeNnL7HP
S/8iwGfy4CWUpFCPiZUTKgrBnyVixoBqXsQ+3YxvfvVfVs7nDrg=
=6JaS
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers

Reply via email to