CVE-2008-1658: policykit format string vulnerability

Related Vulnerabilities: CVE-2008-1658  

Debian Bug report logs - #476615

Package: policykit; Maintainer for policykit is (unknown);

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 17 Apr 2008 22:27:02 UTC

Severity: grave

Tags: patch, security

Merged with 476616

Fixed in version policykit/0.8-1

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#476615; Package policykit.


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-1658: policykit format string vulnerability
Date: Fri, 18 Apr 2008 00:24:03 +0200
Package: policykit
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugs.freedesktop.org/show_bug.cgi?id=15295
for details and a patch.

Cheers,
        Moritz

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Merged 476615 476616. Request was from Bernd Zeimetz <bzed@debian.org> to control@bugs.debian.org. (Thu, 17 Apr 2008 22:54:01 GMT)


Merged 476615 476616. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Thu, 17 Apr 2008 23:00:04 GMT)


Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility.


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.


Message #14 received at 476615-close@bugs.debian.org:

From: Michael Biebl <biebl@debian.org>
To: 476615-close@bugs.debian.org
Subject: Bug#476615: fixed in policykit 0.8-1
Date: Fri, 18 Apr 2008 00:32:03 +0000
Source: policykit
Source-Version: 0.8-1

We believe that the bug you reported is fixed in the latest version of
policykit, which is due to be installed in the Debian FTP archive:

libpolkit-dbus-dev_0.8-1_i386.deb
  to pool/main/p/policykit/libpolkit-dbus-dev_0.8-1_i386.deb
libpolkit-dbus2_0.8-1_i386.deb
  to pool/main/p/policykit/libpolkit-dbus2_0.8-1_i386.deb
libpolkit-dev_0.8-1_i386.deb
  to pool/main/p/policykit/libpolkit-dev_0.8-1_i386.deb
libpolkit-grant-dev_0.8-1_i386.deb
  to pool/main/p/policykit/libpolkit-grant-dev_0.8-1_i386.deb
libpolkit-grant2_0.8-1_i386.deb
  to pool/main/p/policykit/libpolkit-grant2_0.8-1_i386.deb
libpolkit2_0.8-1_i386.deb
  to pool/main/p/policykit/libpolkit2_0.8-1_i386.deb
policykit-doc_0.8-1_all.deb
  to pool/main/p/policykit/policykit-doc_0.8-1_all.deb
policykit_0.8-1.diff.gz
  to pool/main/p/policykit/policykit_0.8-1.diff.gz
policykit_0.8-1.dsc
  to pool/main/p/policykit/policykit_0.8-1.dsc
policykit_0.8-1_i386.deb
  to pool/main/p/policykit/policykit_0.8-1_i386.deb
policykit_0.8.orig.tar.gz
  to pool/main/p/policykit/policykit_0.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 476615@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated policykit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 18 Apr 2008 01:39:08 +0200
Source: policykit
Binary: policykit policykit-doc libpolkit2 libpolkit-dev libpolkit-dbus2 libpolkit-dbus-dev libpolkit-grant2 libpolkit-grant-dev
Architecture: source all i386
Version: 0.8-1
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 libpolkit-dbus-dev - library for accessing PolicyKit via D-Bus - development files
 libpolkit-dbus2 - library for accessing PolicyKit via D-Bus
 libpolkit-dev - library for accessing PolicyKit - development files
 libpolkit-grant-dev - library for obtaining privileges via PolicyKit - development file
 libpolkit-grant2 - library for obtaining privileges via PolicyKit
 libpolkit2 - library for accessing PolicyKit
 policykit  - framework for managing administrative policies and privileges
 policykit-doc - documentation for PolicyKit
Closes: 476615
Changes: 
 policykit (0.8-1) unstable; urgency=medium
 .
   * New upstream release.
     - SECURITY - CVE-2008-1658:
       Fixes format string vulnerability in the grant helper. (Closes: #476615)
   * debian/control
     - Add Build-Depends on pkg-config.





Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility.


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 24 May 2008 07:28:26 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 19:21:17 2019; Machine Name: buxtehude
