-
policykit-1 (0.105-26ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2021-4115.patch: wait for both calls in
src/polkit/polkitsystembusname.c.
- CVE-2021-4115
* debian/patches/CVE-2021-4034.patch: replaced with final upstream
version.
-- Marc Deslauriers <email address hidden> Mon, 21 Feb 2022 07:58:33 -0500
-
policykit-1 (0.105-26ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation in pkexec
- debian/patches/CVE-2021-4034.patch: properly handle command-line
arguments in src/programs/pkcheck.c, src/programs/pkexec.c.
- CVE-2021-4034
-- Marc Deslauriers <email address hidden> Wed, 12 Jan 2022 07:33:38 -0500
-
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: local privilege escalation using
polkit_system_bus_name_get_creds_sync()
- debian/patches/CVE-2021-3560.patch: use proper return code in
src/polkit/polkitsystembusname.c.
- CVE-2021-3560
-- Marc Deslauriers <email address hidden> Wed, 26 May 2021 07:50:16 -0400
-
policykit-1 (0.105-26ubuntu1) eoan; urgency=medium
* Revert "Depend on new virtual packages default-logind and logind". We
don't yet have a systemd which provides these virtual packages, rendering
policykit-1 uninstallable. This change can be reverted once we do.
-- Iain Lane <email address hidden> Fri, 16 Aug 2019 13:37:39 +0100
