-
policykit-1 (0.105-14.1ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: start time protection mechanism bypass
- debian/patches/CVE-2019-6133.patch: Compare PolkitUnixProcess uids
for temporary authorizations in src/polkit/polkitsubject.c,
src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c.
- CVE-2019-6133
-- Marc Deslauriers <email address hidden> Wed, 27 Mar 2019 09:57:28 -0400
-
policykit-1 (0.105-14.1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: authorization bypass with large uid
- debian/patches/CVE-2018-19788-1.patch: allow negative uids/gids in
PolkitUnixUser and Group objects in src/polkit/polkitunixgroup.c,
src/polkit/polkitunixprocess.c, src/polkit/polkitunixuser.c.
- debian/patches/CVE-2018-19788-2.patch: add tests to
test/data/etc/group, test/data/etc/passwd,
test/data/etc/polkit-1/localauthority/10-test/com.example.pkla,
test/polkitbackend/polkitbackendlocalauthoritytest.c.
- debian/patches/CVE-2018-19788-3.patch: allow uid of -1 for a
PolkitUnixProcess in src/polkit/polkitunixprocess.c.
- CVE-2018-19788
-- Marc Deslauriers <email address hidden> Tue, 15 Jan 2019 08:19:19 -0500
-
policykit-1 (0.105-14.1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: DoS and information disclosure
- debian/patches/CVE-2018-1116.patch: properly check UID in
src/polkit/polkitprivate.h, src/polkit/polkitunixprocess.c,
src/polkitbackend/polkitbackendinteractiveauthority.c,
src/polkitbackend/polkitbackendsessionmonitor-systemd.c,
src/polkitbackend/polkitbackendsessionmonitor.c,
src/polkitbackend/polkitbackendsessionmonitor.h.
- debian/libpolkit-gobject-1-0.symbols: updated for new private symbol.
- CVE-2018-1116
-- Marc Deslauriers <email address hidden> Fri, 13 Jul 2018 07:44:06 -0400
-
policykit-1 (0.105-14.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix FTBFS on non-linux/non-systemd. (Closes: #798769)
-- Adam Borowski <email address hidden> Thu, 14 Jan 2016 06:28:38 +0100
-
policykit-1 (0.105-14) unstable; urgency=medium
* debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink
removal for consistency.
* Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch
backported from upstream master. (LP: #1510824)
-- Martin Pitt <email address hidden> Mon, 23 Nov 2015 11:38:00 +0100
-
policykit-1 (0.105-13ubuntu1) xenial; urgency=medium
* Fix handling of multi-line helper output. (LP: #1510824)
-- Dariusz Gadomski <email address hidden> Fri, 20 Nov 2015 14:44:23 +0100
-
policykit-1 (0.105-13) unstable; urgency=medium
* debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while
policykit-1 is unpackaged but not yet configured. During that time we
don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
This can be dropped once the D-Bus policy moves to /usr.
(Closes: #794723, LP: #1447654)
-- Martin Pitt <email address hidden> Wed, 21 Oct 2015 08:11:22 +0200
-
policykit-1 (0.105-11ubuntu2) wily; urgency=medium
* debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while
policykit-1 is unpackaged but not yet configured. During that time we
don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
This can be dropped once the D-Bus policy moves to /usr.
(Closes: #794723, LP: #1447654)
-- Martin Pitt <email address hidden> Tue, 20 Oct 2015 05:37:43 +0200