[ubuntu/disco-proposed] policykit-1 0.105-22ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Dec 7 16:32:13 UTC 2018
policykit-1 (0.105-22ubuntu1) disco; urgency=medium

  * SECURITY UPDATE: authorization bypass with large uid
    - debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
      PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
      src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
    - debian/patches/CVE-2018-19788-2.patch: add tests to
      test/data/etc/group, test/data/etc/passwd,
      test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
      test/polkitbackend/polkitbackendlocalauthoritytest.c.
    - CVE-2018-19788

Date: Fri, 07 Dec 2018 08:18:07 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.105-22ubuntu1
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 07 Dec 2018 08:18:07 -0500
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source
Version: 0.105-22ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
libpolkit-agent-1-0 - PolicyKit Authentication Agent API
libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
libpolkit-backend-1-0 - PolicyKit backend API
libpolkit-backend-1-dev - PolicyKit backend API - development files
libpolkit-gobject-1-0 - PolicyKit Authorization API
libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
policykit-1 - framework for managing administrative policies and privileges
policykit-1-doc - documentation for PolicyKit-1
Changes:
policykit-1 (0.105-22ubuntu1) disco; urgency=medium
.
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- CVE-2018-19788
Checksums-Sha1:
01b2bbb3c010b5344221d9f2a672d895baf795bb 3030 policykit-1_0.105-22ubuntu1.dsc
87ed922e1b2f0d138da0006cbaf01c6d9856a885 64484 policykit-1_0.105-22ubuntu1.debian.tar.xz
4016c0e197688d211c2d480cbd80bc85b16723f3 8931 policykit-1_0.105-22ubuntu1_source.buildinfo
Checksums-Sha256:
6704c37262cf78c2a10866fbeb87673e304fbbdfe95e648c6d20b50944f94944 3030 policykit-1_0.105-22ubuntu1.dsc
93b5afaf404837bd0c8e8a029c71e4ce7154b78996eb9bdcf423c3c4e566c424 64484 policykit-1_0.105-22ubuntu1.debian.tar.xz
09a372a652962922542ee3b80d79ed9e91fdf389ebfe54c120b721f23ef73184 8931 policykit-1_0.105-22ubuntu1_source.buildinfo
Files:
a45a762336236e83d88752b1ae4f268b 3030 admin optional policykit-1_0.105-22ubuntu1.dsc
0b88dd3a1a54126fa8ea0601e0181d1b 64484 admin optional policykit-1_0.105-22ubuntu1.debian.tar.xz
94a80134c6787ae3f091471f1c6939be 8931 admin optional policykit-1_0.105-22ubuntu1_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----