Your message dated Fri, 07 Dec 2018 21:09:54 +0000
with message-id <e1gvnni-000fzw...@fasolo.debian.org>
and subject line Bug#915332: fixed in policykit-1 0.105-23
has caused the Debian Bug report #915332,
regarding policykit-1: CVE-2018-19788: unprivileged users with UID can
successfully execute any systemctl command
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
915332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915332
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: policykit-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://gitlab.freedesktop.org/polkit/polkit/issues/74
As reported in https://gitlab.freedesktop.org/polkit/polkit/issues/74,
an unprivileged user with UID > INT_MAX can successfully execute any
systemctl command.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: policykit-1
Source-Version: 0.105-23
We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 915...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <bi...@debian.org> (supplier of updated policykit-1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 07 Dec 2018 19:55:58 +0100
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0
libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev
libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source
Version: 0.105-23
Distribution: unstable
Urgency: high
Maintainer: Utopia Maintenance Team
<pkg-utopia-maintain...@lists.alioth.debian.org>
Changed-By: Michael Biebl <bi...@debian.org>
Description:
gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
libpolkit-agent-1-0 - PolicyKit Authentication Agent API
libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
libpolkit-backend-1-0 - PolicyKit backend API
libpolkit-backend-1-dev - PolicyKit backend API - development files
libpolkit-gobject-1-0 - PolicyKit Authorization API
libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
policykit-1 - framework for managing administrative policies and privileges
policykit-1-doc - documentation for PolicyKit-1
Closes: 915332
Changes:
policykit-1 (0.105-23) unstable; urgency=high
.
* Allow negative uids/gids in PolkitUnixUser and Group objects.
Fixes a vulnerability in PolicyKit that allows a user with a uid greater
than INT_MAX to successfully execute arbitrary polkit actions.
(CVE-2018-19788, Closes: #915332)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
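
Added example (not part of the original messages and not polkit's own code): a Python audit that lists accounts in passwd-format data whose UID exceeds INT_MAX, the condition named in the report, together with the negative value such a UID becomes when held in a signed 32-bit int. It assumes a 32-bit uid_t and int, as on Linux; the sample data and the function names are constructed for illustration.

```python
import ctypes
import re

INT_MAX = 2**31 - 1   # largest signed 32-bit int; the threshold named in the report
UID_MAX = 2**32 - 1   # assumption: uid_t is an unsigned 32-bit integer (Linux)

# Constructed sample in passwd(5) format; not taken from any real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
edge:x:2147483647:100::/home/edge:/bin/sh
bigid:x:4000000000:100::/home/bigid:/bin/sh
broken:x:notanumber:100::/home/broken:/bin/sh
"""


def as_signed_int(uid):
    """Value seen when a 32-bit uid_t is stored in a signed 32-bit int."""
    return ctypes.c_int32(uid).value


def audit_passwd(text):
    """Return (flagged, malformed) for passwd-format text.

    flagged   -- list of (name, uid, signed_view) for accounts with UID > INT_MAX
    malformed -- line numbers that could not be parsed, so nothing is skipped silently
    """
    flagged, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7 or not re.fullmatch(r"[0-9]+", fields[2]):
            malformed.append(lineno)
            continue
        uid = int(fields[2])
        if uid > UID_MAX:          # does not fit in uid_t at all
            malformed.append(lineno)
        elif uid > INT_MAX:        # valid uid_t, but negative as a signed int
            flagged.append((fields[0], uid, as_signed_int(uid)))
    return flagged, malformed


if __name__ == "__main__":
    flagged, malformed = audit_passwd(SAMPLE)
    for name, uid, signed in flagged:
        print(f"{name}: uid={uid} exceeds INT_MAX, reads as {signed} in a signed int")
    for lineno in malformed:
        print(f"line {lineno}: malformed entry, check manually")
```

On a real host, feed the function the output of `getent passwd` rather than `/etc/passwd` alone, so that accounts from LDAP or other NSS sources are covered as well.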