Your message dated Mon, 27 Apr 2026 15:04:17 +0000
with message-id <[email protected]>
and subject line Bug#1132234: fixed in policykit-1 127-3
has caused the Debian Bug report #1132234,
regarding policykit-1: CVE-2026-4897
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1132234: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132234
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: polkitd
Version: 127-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for policykit-1.
CVE-2026-4897[0]:
| A flaw was found in polkit. A local user can exploit this by
| providing a specially crafted, excessively long input to the
| `polkit-agent-helper-1` setuid binary via standard input (stdin).
| This unbounded input can lead to an out-of-memory (OOM) condition,
| resulting in a Denial of Service (DoS) for the system.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-4897
https://www.cve.org/CVERecord?id=CVE-2026-4897
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2451739
[2] https://github.com/polkit-org/polkit/commit/7e122c8a5120c2aae2d9d44a26796dc18f5b677c
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
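An added example, not code from polkit or from the Debian package: one way for a helper to read a line from stdin with a fixed memory bound, in contrast to a getline()-style read whose buffer grows with the input, which is the condition the CVE description above ties to the OOM. The function names, the 16-byte demo cap and the sample inputs are constructed for illustration.

```c
#include <stdio.h>

enum line_status { LINE_OK, LINE_EOF, LINE_TOO_LONG };

/*
 * Read one '\n'-terminated line from `in` into buf[cap] with no heap
 * allocation, so memory use is fixed whatever the peer sends (getline()
 * instead grows its buffer until a newline arrives). Fails fast: the
 * caller should treat LINE_TOO_LONG as fatal and stop reading.
 */
enum line_status read_line_bounded(FILE *in, char *buf, size_t cap)
{
    size_t len = 0;
    int c;

    if (cap == 0)
        return LINE_TOO_LONG;
    while ((c = fgetc(in)) != EOF && c != '\n') {
        if (len + 1 >= cap) {       /* no room for this byte plus NUL */
            buf[0] = '\0';
            return LINE_TOO_LONG;
        }
        buf[len++] = (char)c;
    }
    buf[len] = '\0';
    return (c == EOF && len == 0) ? LINE_EOF : LINE_OK;
}

/* Demo harness: constructed input is written to a temp file, then read. */
char demo_buf[16];                  /* hypothetical cap, tiny on purpose */

enum line_status demo_first_line(const char *data, size_t n)
{
    FILE *f = tmpfile();
    enum line_status st;
    if (f == NULL)
        return LINE_EOF;
    fwrite(data, 1, n, f);
    rewind(f);
    st = read_line_bounded(f, demo_buf, sizeof demo_buf);
    fclose(f);
    return st;
}

int main(void)
{
    /* 0 = LINE_OK for the short line, 2 = LINE_TOO_LONG for the long one */
    printf("%d %d\n", demo_first_line("cookie-1234\n", 12),
           demo_first_line("AAAAAAAAAAAAAAAAAAAAAAAA", 24));
    return 0;
}
```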
--- Begin Message ---
Source: policykit-1
Source-Version: 127-3
Done: Andreas Henriksson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Henriksson <[email protected]> (supplier of updated policykit-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 27 Apr 2026 16:30:49 +0200
Source: policykit-1
Architecture: source
Version: 127-3
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Andreas Henriksson <[email protected]>
Closes: 1132234
Changes:
policykit-1 (127-3) unstable; urgency=medium
.
* Team upload.
.
[ Simon McVittie ]
* Re-word previous changelog entry, fixing an incorrect wrong bug number
.
[ Luca Boccassi ]
* Add build dependency on docbook-xml
.
[ Andreas Henriksson ]
* CVE-2026-4897: getline string overflow (Closes: #1132234)
* Switch build-dependency to libselinux-dev
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Pkg-utopia-maintainers mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-utopia-maintainers