[ubuntu/disco-proposed] policykit-1 0.105-25 (Accepted)
Jeremy Bicha
jeremy at bicha.net
Wed Jan 16 00:01:19 UTC 2019
policykit-1 (0.105-25) unstable; urgency=medium
* Team upload
* Add tests-add-tests-for-high-uids.patch
- Patch from upstream modified by Ubuntu to test high UID fix
* Compare PolkitUnixProcess uids for temporary authorizations.
- Fix temporary auth hijacking via PID reuse and non-atomic fork
(CVE-2019-6133) (Closes: #918985)
policykit-1 (0.105-24) unstable; urgency=medium
* Allow uid of -1 for a PolkitUnixProcess.
Revert an overzealous change from the previous security fix that caused
a critical to be logged when trying to set the uid property to -1 (the
default value).
policykit-1 (0.105-23) unstable; urgency=high
* Allow negative uids/gids in PolkitUnixUser and Group objects.
Fixes a vulnerability in PolicyKit that allows a user with a uid greater
than INT_MAX to successfully execute arbitrary polkit actions.
(CVE-2018-19788, Closes: #915332)
Date: 2019-01-15 22:38:17.317844+00:00
Signed-By: Jeremy Bicha <jeremy at bicha.net>
https://launchpad.net/ubuntu/+source/policykit-1/0.105-25
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list