Debian Bug report logs - #644500
policykit-1 local root exploit CVE-2011-1485

version graph

Package: policykit-1; Maintainer for policykit-1 is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for policykit-1 is src:policykit-1.

Reported by: "Thijs Kinkhorst" <thijs@debian.org>

Date: Thu, 6 Oct 2011 12:06:43 UTC

Severity: grave

Tags: patch, security

Found in version policykit-1/0.96-4

Fixed in versions policykit-1/0.101-4, 0.96-4+squeeze2

Done: Jonathan Nieder <jrnieder@gmail.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#644500; Package policykit-1. (Thu, 06 Oct 2011 12:06:46 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Thu, 06 Oct 2011 12:07:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: submit@bugs.debian.org
Subject: policykit-1 local root exploit CVE-2011-1485
Date: Thu, 6 Oct 2011 14:05:10 +0200
Package: policykit-1
Version: 0.96-4
Severity: grave
Tags: security patch

Hi,

A local root exploit in Policykit has been published a while ago. I has
been resolved in unstable/testing already, but squeeze is still affected.
Please see:

http://security-tracker.debian.org/tracker/CVE-2011-1485
https://bugzilla.redhat.com/show_bug.cgi?id=692922

Can you please see if updated packages can be built for stable-security?
The process is detailed here:
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security
Also let us know if you're not available for this.


thanks,
Thijs




Bug marked as fixed in version 0.101-4, send any further explanations to "Thijs Kinkhorst" <thijs@debian.org> Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Sat, 08 Oct 2011 13:13:58 GMT) Full text and rfc822 format available.

Reply sent to Jonathan Nieder <jrnieder@gmail.com>:
You have taken responsibility. (Tue, 14 Feb 2012 02:51:12 GMT) Full text and rfc822 format available.

Notification sent to "Thijs Kinkhorst" <thijs@debian.org>:
Bug acknowledged by developer. (Tue, 14 Feb 2012 02:51:12 GMT) Full text and rfc822 format available.

Message #12 received at 644500-done@bugs.debian.org (full text, mbox):

From: Jonathan Nieder <jrnieder@gmail.com>
To: 644500-done@bugs.debian.org
Subject: Re: policykit-1 local root exploit CVE-2011-1485
Date: Mon, 13 Feb 2012 20:48:00 -0600
Version: 0.96-4+squeeze2

Hi,

Thijs Kinkhorst wrote:

> A local root exploit in Policykit has been published a while ago. I has
> been resolved in unstable/testing already, but squeeze is still affected.
> Please see:
>
> http://security-tracker.debian.org/tracker/CVE-2011-1485
> https://bugzilla.redhat.com/show_bug.cgi?id=692922

Fixed by 0.96-4+squeeze1, but the bug closure didn't reach the BTS (see
bug #657758).

Thanks,
Jonathan




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 13 May 2012 07:31:59 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 03:49:41 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.