[ubuntu/disco-proposed] policykit-1 0.105-25 (Accepted)

Jeremy Bicha jeremy at bicha.net
Wed Jan 16 00:01:19 UTC 2019

policykit-1 (0.105-25) unstable; urgency=medium

  * Team upload
  * Add tests-add-tests-for-high-uids.patch
    - Patch from upstream modified by Ubuntu to test high UID fix
  * Compare PolkitUnixProcess uids for temporary authorizations.
    - Fix temporary auth hijacking via PID reuse and non-atomic fork
      (CVE-2019-6133) (Closes: #918985)

policykit-1 (0.105-24) unstable; urgency=medium

  * Allow uid of -1 for a PolkitUnixProcess.
    Revert an overzealous change from the previous security fix that caused
    a critical to be logged when trying to set the uid property to -1 (the
    default value).

policykit-1 (0.105-23) unstable; urgency=high

  * Allow negative uids/gids in PolkitUnixUser and Group objects.
    Fixes a vulnerability in PolicyKit that allows a user with a uid greater
    than INT_MAX to successfully execute arbitrary polkit actions.
    (CVE-2018-19788, Closes: #915332)

Date: 2019-01-15 22:38:17.317844+00:00
Signed-By: Jeremy Bicha <jeremy at bicha.net>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list