[ubuntu/saucy-proposed] policykit-1 0.105-3ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Sep 18 17:56:15 UTC 2013
policykit-1 (0.105-3ubuntu3) saucy; urgency=low
* SECURITY UPDATE: use of pkcheck without specifying uid is racy,
possibly leading to privilege escalation
- debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
syntax so callers have a non-racy way of using pkcheck.
- CVE-2013-4288
Date: Wed, 18 Sep 2013 12:38:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/saucy/+source/policykit-1/0.105-3ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Sep 2013 12:38:05 -0400
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source
Version: 0.105-3ubuntu3
Distribution: saucy
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
libpolkit-agent-1-0 - PolicyKit Authentication Agent API
libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
libpolkit-backend-1-0 - PolicyKit backend API
libpolkit-backend-1-dev - PolicyKit backend API - development files
libpolkit-gobject-1-0 - PolicyKit Authorization API
libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
policykit-1 - framework for managing administrative policies and privileges
policykit-1-doc - documentation for PolicyKit-1
Changes:
policykit-1 (0.105-3ubuntu3) saucy; urgency=low
.
* SECURITY UPDATE: use of pkcheck without specifying uid is racy,
possibly leading to privilege escalation
- debian/patches/CVE-2013-4288.patch: implement pid,start-time,uid
syntax so callers have a non-racy way of using pkcheck.
- CVE-2013-4288
Checksums-Sha1:
68b03ea153db86121d3ff9c940cc4d4f48f0f2eb 2916 policykit-1_0.105-3ubuntu3.dsc
30840efb3886eeb1a10389cd388d692fc581e358 19941 policykit-1_0.105-3ubuntu3.debian.tar.gz
Checksums-Sha256:
0ef36589bf454a981534e3fb48f6111c86107b38fec1d09e4ede3301355e3aa7 2916 policykit-1_0.105-3ubuntu3.dsc
b00ad01578a47045fc36a5d18aae0017d27195070eece5271934bfa54992bdee 19941 policykit-1_0.105-3ubuntu3.debian.tar.gz
Files:
9feb11548542d58140f33f1241978e6f 2916 admin optional policykit-1_0.105-3ubuntu3.dsc
ec0a6b510d7ea2018ed0bf9e71cb4838 19941 admin optional policykit-1_0.105-3ubuntu3.debian.tar.gz
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
iQIcBAEBCgAGBQJSOehlAAoJEGVp2FWnRL6TaTsP/1Y6KgWz5n64SblXhuSEnvDK
sDZpkwUEX0WdSuj5UmiH9FBHZRmVAlOoFPRjYT7lIM4efdCBSDz1YaTw9+st/oPf
wuI213gFKjrPupCNBjcJfp+V2+aqoEKvYO8/1g/LiKwEVhIcFiAkhtvC4utpXy3b
SW1cb4NS3fEcINbUCJyimgE6RktcDCB7b4nLCRkTAcw6FSVqrWTLFUQiEFLFVWic
AMk5liyBINPV32tJGBg1Cn0uuM1wQtOxfNqV8G48w8xNVvdJloLtydZUeKB+pTWH
NzPDGSJRd9E0Og/nImx90ehh38zIB+NIQ45+vzhY5cUCgQg0BgUPNJNQ1syxTVcX
0lyGYcxXIxctG4kprzFQVYnPylQd+P1H/BgktMegRMWKFwigN0Q0DnOQDEuEkf/0
bB/HKyX17YO645JAnEAo8zkA8miXuXwYDvqlTNS7LytH8WstTYT0BEs7RnwaZpn3
gs0FJeMOpWtYeYzKNVTdpgFAI6A7bAk/G2Xdb/ZM7ja8BV1nKdkLyfFau5+dBjqw
LLkfjZco4smLjKTTL3Np/G22XSaIWATpPef9lnODGQ93DBrtL8M5JnPKqnZNZjc3
h5KYe73EYgzRs9MIx3fN7yWjXsWpMOnuGdwWHyyfcYrekhT4txIfrD5pfoJ6g0cH
hPvzH0U1+wRvtrjD/UGW
=4lbQ
-----END PGP SIGNATURE-----
More information about the Saucy-changes
mailing list