CVE-2011-1485
David Zeuthen
zeuthen at gmail.com
Tue Apr 19 11:57:00 PDT 2011
Hey,

A while ago, I was privately contacted about a vulnerability in
PolicyKit. For more details see,

https://bugzilla.redhat.com/show_bug.cgi?id=692922

Now that the embargo for this issue has been lifted (my contact from
Red Hat's security response team has been in contact with other
vendors for a coordinated release), I have pushed the fixes, see

http://cgit.freedesktop.org/PolicyKit/commit/?id=dd848a42a64a3b22a0cc60f6657b56ce9b6010ae
http://cgit.freedesktop.org/PolicyKit/commit/?id=129b6223a19e7fb2753f8cad7957ac5402394076
http://cgit.freedesktop.org/PolicyKit/commit/?id=c23d74447c7615dc74dae259f0fc3688ec988867
http://cgit.freedesktop.org/PolicyKit/commit/?id=3b12cfac29dddd27f1f166a7574d8374cc1dccf2

to the master branch. I have also created a polkit-0-96 branch with
the fixes backported to version 0.96, see

http://cgit.freedesktop.org/PolicyKit/log/?h=polkit-0-96

since this is the version that my employer ships in a supported product.

I will probably release 0.102 soon - until then vendors are advised to
include these patches ASAP.

Thanks,
David
More information about the polkit-devel
mailing list