Source: zulucrypt Version: 6.2.0-1 Severity: normal X-Debbugs-Cc: [email protected], [email protected]
Hi Marcio, zulucrypt has no seen recent updates and hast wo RC bugs. One of it is LPE due to the Debian applied patch to the policykit rules. While we could drop it and restore the functionality to reuqest the root password, requiring auth_admin instead of auth_self, and solve the security issue we wonder if it would now in this state actually be better to remove zulucyrpt. I would be possible as well from bookworm (but time is bit tight to still make it for the upcoming point release for bookworm but doable). The alternative is to only drop the policykit rules patch if it still would make a useful zulucrypt in bookworm, thoughts? Regards, Salvatore
