apt-xapian-index: unsafe polkit usage

Related Vulnerabilities: CVE-2013-1064  

Debian Bug report logs - #724837

Reported by: Nico Golde <nion@debian.org>

Date: Sat, 28 Sep 2013 15:39:02 UTC

Severity: grave

Tags: patch, security

Fixed in version apt-xapian-index/0.47

Done: Enrico Zini <enrico@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Enrico Zini <enrico@debian.org>:
Bug#724837; Package apt-xapian-index. (Sat, 28 Sep 2013 15:39:06 GMT)


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Enrico Zini <enrico@debian.org>. (Sat, 28 Sep 2013 15:39:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: submit@bugs.debian.org
Subject: apt-xapian-index: unsafe polkit usage
Date: Sat, 28 Sep 2013 17:32:54 +0200
Package: apt-xapian-index
Severity: grave
Tags: security patch

Hi,
the following vulnerability was published for apt-xapian-index.

CVE-2013-1064[0]: (from Ubuntu USN)
| It was discovered that apt-xapian-index was using polkit in an unsafe
| manner. A local attacker could possibly use this issue to bypass intended
| polkit authorizations.

The patch from Ubuntu is attached.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1064
    http://security-tracker.debian.org/tracker/CVE-2013-1064

Please adjust the affected versions in the BTS as needed.


-- 
Nico Golde - XMPP: nion@jabber.ccc.de - GPG: 0xA0A0AAAA
[CVE-2013-1064.patch (text/x-diff, attachment)]

Reply sent to Enrico Zini <enrico@debian.org>:
You have taken responsibility. (Sun, 24 Aug 2014 21:21:40 GMT)


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Sun, 24 Aug 2014 21:21:40 GMT)


Message #10 received at 724837-close@bugs.debian.org:

From: Enrico Zini <enrico@debian.org>
To: 724837-close@bugs.debian.org
Subject: Bug#724837: fixed in apt-xapian-index 0.47
Date: Sun, 24 Aug 2014 21:19:25 +0000
Source: apt-xapian-index
Source-Version: 0.47

We believe that the bug you reported is fixed in the latest version of
apt-xapian-index, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 724837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Enrico Zini <enrico@debian.org> (supplier of updated apt-xapian-index package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 24 Aug 2014 10:44:58 -0700
Source: apt-xapian-index
Binary: apt-xapian-index
Architecture: source all
Version: 0.47
Distribution: unstable
Urgency: low
Maintainer: Enrico Zini <enrico@debian.org>
Changed-By: Enrico Zini <enrico@debian.org>
Description:
 apt-xapian-index - maintenance and search tools for a Xapian index of Debian package
Closes: 719940 724837 736500
Changes:
 apt-xapian-index (0.47) unstable; urgency=low
 .
   [ Enrico Zini ]
   * s/UNRELEASED/unstable/ in 0.46 changelog. Closes: #719940
   * Removed dbus support files, not needed anymore since software-center has
     been removed from sid and testing. Closes: #724837
   * Ported to dh-python2
   * Updated Standards-Version, no changes required.
 .
   [ Elena Grandi ]
   * Use defaults when values file is broken. Closes: #736500




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 May 2015 07:45:19 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:41:57 2019; Machine Name: beach
