polkit-0.112 (CVE-2013-4288)
Colin Walters
walters at verbum.org
Thu Sep 19 05:03:18 PDT 2013
Hi Michael,
On Thu, 2013-09-19 at 13:06 +0200, Michael Biebl wrote:
> Hi Miloslav,
>
> regarding CVE-2013-4288, do youd which versions of polkit are affected
> by this issue?
> Since the changelog talks about deprecating racy APIs, does that mean,
> polkit clients need to be updated as well for the fix to be effective?
> Given that, do you have a list of vulnerable/affected packages?
See
https://bugzilla.redhat.com/show_bug.cgi?id=1002375#c20
You can also clone the no-longer-secret:
http://people.freedesktop.org/~walters/secret/38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b/
(Note: I think the libvirt patches there may be slightly out of date, so
for the canonical set I recommend getting in touch with each individual
component maintainer)
More information about the polkit-devel
mailing list