Your message dated Fri, 07 Dec 2018 21:10:01 +0000
with message-id <e1gvnnp-000g1n...@fasolo.debian.org>
and subject line Bug#915332: fixed in policykit-1 0.115-3
has caused the Debian Bug report #915332,
regarding policykit-1: CVE-2018-19788: unprivileged users with UID > INT_MAX
can successfully execute any systemctl command
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
915332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: policykit-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://gitlab.freedesktop.org/polkit/polkit/issues/74
As reported in https://gitlab.freedesktop.org/polkit/polkit/issues/74,
an unprivileged user with UID > INT_MAX can successfully execute any
systemctl command.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: policykit-1
Source-Version: 0.115-3
We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 915...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated policykit-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Dec 2018 20:17:15 +0100
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0
 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev
 gir1.2-polkit-1.0
Architecture: source
Version: 0.115-3
Distribution: experimental
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintain...@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Closes: 915332
Changes:
 policykit-1 (0.115-3) experimental; urgency=medium
 .
   * Allow negative uids/gids in PolkitUnixUser and Group objects.
     Fixes a vulnerability in PolicyKit that allows a user with a uid greater
     than INT_MAX to successfully execute arbitrary polkit actions.
     (CVE-2018-19788, Closes: #915332)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
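
Added example (not part of the bug report, and not polkit or Debian code): a Python audit that lists the accounts in passwd(5)-format data whose UID is greater than INT_MAX, the condition named in the changelog above, together with the negative value the same 32 bits take when read as a signed int. The function names and the sample entries are constructed for illustration, and a 32-bit uid_t is assumed.

```python
"""Audit passwd(5)-format data for UIDs above INT_MAX (the CVE-2018-19788 condition)."""
import struct

INT_MAX = 2**31 - 1      # largest value of a signed 32-bit int
UINT32_MAX = 2**32 - 1   # largest value of a 32-bit uid_t (assumption: 32-bit uid_t)


def as_signed32(uid):
    """Return the value the same 32 bits have when read as a signed int."""
    return struct.unpack("<i", struct.pack("<I", uid))[0]


def audit_passwd(text):
    """Return (affected, skipped) for passwd(5)-format text.

    affected: list of (name, uid, signed_view) for every UID above INT_MAX.
    skipped:  line numbers that are malformed or hold an out-of-range UID.
    """
    affected, skipped = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        # A passwd entry has 7 colon-separated fields; field 3 is the numeric UID.
        if len(fields) != 7 or not fields[2].isdecimal() or int(fields[2]) > UINT32_MAX:
            skipped.append(lineno)
            continue
        uid = int(fields[2])
        if uid > INT_MAX:
            affected.append((fields[0], uid, as_signed32(uid)))
    return affected, skipped


# Constructed sample input, not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
boundary:x:2147483647:100::/home/boundary:/bin/sh
svc-ldap:x:4000000000:100:directory account:/home/svc-ldap:/bin/sh
broken:x:notanumber:100::/nonexistent:/bin/false
nobody4:x:4294967294:65534::/nonexistent:/usr/sbin/nologin
"""

if __name__ == "__main__":
    hits, bad = audit_passwd(SAMPLE)
    for name, uid, signed in hits:
        print(f"{name}: uid={uid} (as signed 32-bit int: {signed})")
    print("unparsed lines:", bad)
```

On a live host the same function can be fed the output of `getent passwd`, so that accounts from LDAP or other NSS sources are included.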