Source: policykit-1
Version: 0.105-14.1
Severity: important
Tags: security upstream

Hi Martin, hi Michael,

the following vulnerability was published for policykit-1, and opening
this bug report to track the issue as well in the BTS.

CVE-2016-2568[0]:
| Program run via pkexec as unprivileged user can escape to parent
| session via TIOCSTI ioctl

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-2568
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1300746
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1299955

Please adjust the affected versions in the BTS as needed. I have only
checked unstable.

Regards,
Salvatore