CVE-2015-3255 CVE-2015-4625

Debian Bug report logs - #796134
CVE-2015-3255 CVE-2015-4625

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2015-3255 CVE-2015-4625

Date: Wed, 19 Aug 2015 20:41:43 +0200

Package: policykit-1
Version: 0.105-11
Severity: important
Tags: security

Two security issues in polkit:

CVE-2015-3255:
http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f

CVE-2015-4625:
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
https://bugs.freedesktop.org/show_bug.cgi?id=90837
https://bugs.freedesktop.org/show_bug.cgi?id=90832
http://www.openwall.com/lists/oss-security/2015/06/08/3
http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228

Cheers,
        Moritz

Message #14 received at 796134-close@bugs.debian.org (full text, mbox, reply):

From: Simon McVittie <smcv@debian.org>

To: 796134-close@bugs.debian.org

Subject: Bug#796134: fixed in policykit-1 0.105-12

Date: Fri, 11 Sep 2015 15:30:19 +0000

Source: policykit-1
Source-Version: 0.105-12

We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 796134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <smcv@debian.org> (supplier of updated policykit-1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 11 Sep 2015 09:48:00 +0100
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source
Version: 0.105-12
Distribution: unstable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Simon McVittie <smcv@debian.org>
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-backend-1-0 - PolicyKit backend API
 libpolkit-backend-1-dev - PolicyKit backend API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Closes: 766860 772125 775158 779988 796134
Changes:
 policykit-1 (0.105-12) unstable; urgency=medium
 .
   * Team upload
   * Replace 03_complete_session.patch with a change from upstream
     which seems like a more correct solution for LP#445303, LP#649939
   * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing
     staff -> desktop_admin_r change in a man page (desktop_admin_r looks
     vaguely like a SELinux role but is actually being used as a group);
     keep only the actual functional change. This matches the syntactically
     different but functionally similar change in experimental.
   * 09_pam_environment.patch: replace with the version that went upstream.
   * Annotate remaining patches with a bit more information.
     They are:
     - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch,
       00git_type_registration.patch, 04_get_cwd.patch,
       07_set-XAUTHORITY-environment-variable-if-unset.patch,
       08_deprecate_racy_APIs.patch, 09_pam_environment.patch,
       cve-2013-4288.patch: either backports from upstream, or already
       applied upstream, and not discussed further here.
     - 01_pam_polkit.patch: use Debian's common-* infrastructure,
       plus pam_env to get the global environment and locale.
       Debian-specific.
     - 02_gettext.patch: Use gettext to translate .policy files at
       runtime, allowing for Ubuntu-style language packs.
       Debian-specific (mainly for Ubuntu's benefit, really).
     - 05_revert-admin-identities-unix-group-wheel.patch: Debian does
       not use the "wheel" group like Red Hat derivatives do;
       treat uid 0 as the administrative identity instead.
       Debian-specific.
     - 06_systemd-service.patch: hook up the systemd service in
       debian/polkitd.service.
       Not forwarded: obsoleted by an upstream change in 0.106,
       commit 2995085.
   * Re-order patch series to put upstream changes first, sorted by version
     in which they went upstream, and put them in subdirectories by version
   * Add patches from 0.113 to fix heap corruption CVE-2015-3255
     (Closes: #766860) and local authenticated denial of service
     CVE-2015-4625 (Closes: #796134)
   * Add numerous other bug-fix patches from 0.113
     - work around bugs in older versions of libpam-systemd when using
       su or similar (Closes: #772125)
     - treat background processes as part of the same uid's active GUI
       session if they have one (Closes: #779988)
     - fix some memory leaks (Closes: #775158, LP: #1417637)
   * Add backported public API polkit_system_bus_name_get_user_sync() to
     symbols file
   * Fix FTBFS with dpkg-buildpackage -A by only installing files into
     policykit-1 in per-arch builds
   * Run tests with a session bus pretending to be the system bus,
     so they can pass in a buildd environment
Checksums-Sha1:
 1457e5022722b7eba404f48f80ebd056f8204df2 2869 policykit-1_0.105-12.dsc
 ad74acdadc5d516a1495475cb9d1f3358cfc2aeb 39720 policykit-1_0.105-12.debian.tar.xz
Checksums-Sha256:
 8e32ec79b3bd5047242701e0efeb09977fe31314dfad73e0e3a6f134e692968d 2869 policykit-1_0.105-12.dsc
 b53a880866446c834fedbc3bceb175e94588a5e0a4e194f90f322c9a29bd0aea 39720 policykit-1_0.105-12.debian.tar.xz
Files:
 09b4c3a1447f0290959d8d9acdcca8b8 2869 admin optional policykit-1_0.105-12.dsc
 89013b11e9cf0d87c82c60707b1a5d44 39720 admin optional policykit-1_0.105-12.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJV8u61AAoJEE3o/ypjx8yQxEAP/Ag1Bj76cHQnX8zTdwYUwYH0
Ihqu91bPPIazRtMnnjBfNrATkAGGGhHGZ5JTLNFQBo8LNid36+MLetZwSMo9Ep55
TFFFfBFBU2Zkri6A2E9YvfT97NLmMqfvCZR+4q5yOWhcpKte6YJa39mQ9dh9BKUs
BDbaUgmdzTHjC8ai3xmrr2+NTKf917DKWIOjzda77RjJp//JOWSTxLxyXjXyfBMe
xdTivI0Q6enKKxCeNQDCeRrHVpQAchCHJP1M3c14xZeMxWcz/cQ40MANZM88PkkJ
WecuGkdBoLB80vQVNCYcuBrxK7Ekw7bWhvY69EGAyoH7M7eq1VcCgTh/vzP4pV0O
gJfqEBqIRmfmjNSrc9pwQC3/fEEsCx3/Hz7Bl/Oq+fDgJ776oYyfQUhYq/uqohsG
GAU3nX4+YpZjpu3krQWG1xNcjGIdFY5H9oz3U8M8OM/XvUl+arf3EDqu0PM0ZYts
ILl85zKQDRkhxRkxc75jig1pq4ag3ahKaIOVC8revOTl6JdTGzRs5XFftiMP3LxN
fRjB2tQrRndK/JEoMHq6DWsHQw6ODMpAOuaFiPblQYQKossixUMcfmnNrTtZGsoD
hLBW0eKM2OzrDMv59OLUvSy+NpA4PdKH2qN/AM7hR1V9nxIL7SWOFjYFnjc+rkq2
yPxJTow4VZ9j/LRV9OL0
=NwJP
-----END PGP SIGNATURE-----

Message #19 received at 796134-close@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>

To: 796134-close@bugs.debian.org

Subject: Bug#796134: fixed in policykit-1 0.105-15~deb8u1

Date: Sat, 28 May 2016 10:47:09 +0000

Source: policykit-1
Source-Version: 0.105-15~deb8u1

We believe that the bug you reported is fixed in the latest version of
policykit-1, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 796134@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated policykit-1 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 27 May 2016 12:46:17 +0200
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source amd64 all
Version: 0.105-15~deb8u1
Distribution: stable
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-backend-1-0 - PolicyKit backend API
 libpolkit-backend-1-dev - PolicyKit backend API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Closes: 766860 772125 775158 779756 779988 787932 791397 794723 796134 798769 817998
Changes:
 policykit-1 (0.105-15~deb8u1) stable; urgency=medium
 .
   * Upload to stable.
 .
 policykit-1 (0.105-15) unstable; urgency=medium
 .
   * Generate tight inter-package dependencies.
     This ensures that everything from the same source package is upgraded in
     lockstep. (Closes: #817998)
 .
 policykit-1 (0.105-14.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix FTBFS on non-linux/non-systemd. (Closes: #798769)
 .
 policykit-1 (0.105-14) unstable; urgency=medium
 .
   * debian/policykit-1.preinst: Use systemctl unmask instead of direct symlink
     removal for consistency.
   * Fix handling of multi-line helper output. Thanks Dariusz Gadomski! Patch
     backported from upstream master. (LP: #1510824)
 .
 policykit-1 (0.105-13) unstable; urgency=medium
 .
   * debian/policykit-1.{pre,pos}inst: Temporarily mask polkitd.service while
     policykit-1 is unpackaged but not yet configured. During that time we
     don't yet have our D-Bus policy in /etc so that polkitd cannot work yet.
     This can be dropped once the D-Bus policy moves to /usr.
     (Closes: #794723, LP: #1447654)
 .
 policykit-1 (0.105-12) unstable; urgency=medium
 .
   * Team upload
   * Replace 03_complete_session.patch with a change from upstream
     which seems like a more correct solution for LP#445303, LP#649939
   * 05_revert-admin-identities-unix-group-wheel.patch: remove confusing
     staff -> desktop_admin_r change in a man page (desktop_admin_r looks
     vaguely like a SELinux role but is actually being used as a group);
     keep only the actual functional change. This matches the syntactically
     different but functionally similar change in experimental.
   * 09_pam_environment.patch: replace with the version that went upstream.
   * Annotate remaining patches with a bit more information.
     They are:
     - 00git_fix_memleak.patch, 00git_invalid_object_paths.patch,
       00git_type_registration.patch, 04_get_cwd.patch,
       07_set-XAUTHORITY-environment-variable-if-unset.patch,
       08_deprecate_racy_APIs.patch, 09_pam_environment.patch,
       cve-2013-4288.patch: either backports from upstream, or already
       applied upstream, and not discussed further here.
     - 01_pam_polkit.patch: use Debian's common-* infrastructure,
       plus pam_env to get the global environment and locale.
       Debian-specific.
     - 02_gettext.patch: Use gettext to translate .policy files at
       runtime, allowing for Ubuntu-style language packs.
       Debian-specific (mainly for Ubuntu's benefit, really).
     - 05_revert-admin-identities-unix-group-wheel.patch: Debian does
       not use the "wheel" group like Red Hat derivatives do;
       treat uid 0 as the administrative identity instead.
       Debian-specific.
     - 06_systemd-service.patch: hook up the systemd service in
       debian/polkitd.service.
       Not forwarded: obsoleted by an upstream change in 0.106,
       commit 2995085.
   * Re-order patch series to put upstream changes first, sorted by version
     in which they went upstream, and put them in subdirectories by version
   * Add patches from 0.113 to fix heap corruption CVE-2015-3255
     (Closes: #766860) and local authenticated denial of service
     CVE-2015-4625 (Closes: #796134)
   * Add numerous other bug-fix patches from 0.113
     - work around bugs in older versions of libpam-systemd when using
       su or similar (Closes: #772125)
     - treat background processes as part of the same uid's active GUI
       session if they have one (Closes: #779988)
     - fix some memory leaks (Closes: #775158, LP: #1417637)
   * Add backported public API polkit_system_bus_name_get_user_sync() to
     symbols file
   * Fix FTBFS with dpkg-buildpackage -A by only installing files into
     policykit-1 in per-arch builds
   * Run tests with a session bus pretending to be the system bus,
     so they can pass in a buildd environment
 .
 policykit-1 (0.105-11) unstable; urgency=medium
 .
   * Add 00git_invalid_object_paths.patch: backend: Handle invalid object paths
     in RegisterAuthenticationAgent (CVE-2015-3218, Closes: #787932)
   * policykit-1.postinst: Reload systemd before restarting polkitd.service, to
     avoid "Warning: polkitd.service changed on disk". (Closes: #791397)
 .
 policykit-1 (0.105-10) unstable; urgency=medium
 .
   * Add 00git_type_registration.patch: Use GOnce for interface type
     registration. Fixes frequent udisks segfault (LP: #1236510).
   * Add 00git_fix_memleak.patch: Fix memory leak in EnumerateActions call
     results handler. (LP: #1417637)
 .
 policykit-1 (0.105-9) unstable; urgency=medium
 .
   [ Martin Pitt ]
   * policykit-1.postinst: Don't kill polkitd under systemd, but properly
     restart it. This avoids killing it shortly after systemd tries to
     bus-activate it on installation. (LP: #1447654)
 .
   [ Michael Biebl ]
   * Build against libsystemd instead of the old libsystemd-login compat
     library. (Closes: #779756)
Checksums-Sha1:
 e4ca96e825079216bb2514508c42bd0f4baed10f 2915 policykit-1_0.105-15~deb8u1.dsc
 bcb8ab3b6dca0ec2bdcbaa44f5f4b676f5bf5e73 41380 policykit-1_0.105-15~deb8u1.debian.tar.xz
 bddec4d33a47fb65ae1cc580f8eee82e595576f8 61942 policykit-1_0.105-15~deb8u1_amd64.deb
 6b1d785887d25316544ce25cd151fc3329c26d30 264450 policykit-1-doc_0.105-15~deb8u1_all.deb
 c1e95fe388f459161e067a75ecbc180debd20d16 43006 libpolkit-gobject-1-0_0.105-15~deb8u1_amd64.deb
 18697b3e003a78a1c426f093c5f8035b5ae58abc 61182 libpolkit-gobject-1-dev_0.105-15~deb8u1_amd64.deb
 4311cde7ed6d910872d4b001684672afa1b1dec1 23794 libpolkit-agent-1-0_0.105-15~deb8u1_amd64.deb
 0fd7d2351609a2110d3f3a3eaec53f112eeed45c 29578 libpolkit-agent-1-dev_0.105-15~deb8u1_amd64.deb
 ccd141984352e7adb183ff2f158df8398a4338f1 45358 libpolkit-backend-1-0_0.105-15~deb8u1_amd64.deb
 f89958b5dba449e26a00a2ef7fdbc7d187af0b2b 49712 libpolkit-backend-1-dev_0.105-15~deb8u1_amd64.deb
 af9556bec71a4c0bdb3be260b7b61a9ec17cd4b4 15958 gir1.2-polkit-1.0_0.105-15~deb8u1_amd64.deb
Checksums-Sha256:
 ad9c34bcac80468d02c285738a7be076d236772241a038227dd71efac6c64c31 2915 policykit-1_0.105-15~deb8u1.dsc
 b55ebc17315f9df4aa75c9514880a8b8549620559941f18911a9ff89f3f2436b 41380 policykit-1_0.105-15~deb8u1.debian.tar.xz
 e266487f49252cd9b33e75c8213f49f282f59bef98122de54ebdf832b330fe0b 61942 policykit-1_0.105-15~deb8u1_amd64.deb
 278b9b07916cfc4bc932d63819807da59d3d68fc920c959581910b473724760c 264450 policykit-1-doc_0.105-15~deb8u1_all.deb
 86ad6bf3d7de06967f8daa1920746f47ac3172b0dbb0e5f847e20418a3c04722 43006 libpolkit-gobject-1-0_0.105-15~deb8u1_amd64.deb
 98f225bd1c8bfeee49c88981fbe23d5c9ef8314387b53ffb6e05563d3ec2cdb3 61182 libpolkit-gobject-1-dev_0.105-15~deb8u1_amd64.deb
 e9b24da4b1d1ac2b823a2d032ac0a835ae70fdcf6a39923f75564670b95b4c74 23794 libpolkit-agent-1-0_0.105-15~deb8u1_amd64.deb
 b19737b3a7d3c930ea195582901adb3b92adc55161803ee6ab4f69dc0550ddde 29578 libpolkit-agent-1-dev_0.105-15~deb8u1_amd64.deb
 6a8ae9b21d48d1d4c1829ab15641d81a12168a820643fe022f282d310283f001 45358 libpolkit-backend-1-0_0.105-15~deb8u1_amd64.deb
 8a2044e8e329e3126c17abf396d8ba358481dd78ddf14b3271c986e030f76c34 49712 libpolkit-backend-1-dev_0.105-15~deb8u1_amd64.deb
 9843b708ef06c81937716fd9259b3e8ebf7fdd7b54eb437f5f3682450e9ad3b6 15958 gir1.2-polkit-1.0_0.105-15~deb8u1_amd64.deb
Files:
 ba3a87f90ef5c48e0f7225b9bf5e96f2 2915 admin optional policykit-1_0.105-15~deb8u1.dsc
 46616eac22c6faa1e23ee3dd1150c822 41380 admin optional policykit-1_0.105-15~deb8u1.debian.tar.xz
 61217f9ea0842a955b4602c892e07bec 61942 admin optional policykit-1_0.105-15~deb8u1_amd64.deb
 5ea5f482abcccb554148b105771ec33d 264450 doc optional policykit-1-doc_0.105-15~deb8u1_all.deb
 f98c42c2c9660074463b6ce8a5b09cca 43006 libs optional libpolkit-gobject-1-0_0.105-15~deb8u1_amd64.deb
 46e887354057c31d17d4acc47d00e157 61182 libdevel optional libpolkit-gobject-1-dev_0.105-15~deb8u1_amd64.deb
 c00e9f4103ad3f087ef816c1b34b3336 23794 libs optional libpolkit-agent-1-0_0.105-15~deb8u1_amd64.deb
 c067beb9af7320a9dd15d2ae6889fdca 29578 libdevel optional libpolkit-agent-1-dev_0.105-15~deb8u1_amd64.deb
 faba01e9ee40d33acc606cb786ce4869 45358 libs optional libpolkit-backend-1-0_0.105-15~deb8u1_amd64.deb
 670453f6831395047259c84afe388faf 49712 libdevel optional libpolkit-backend-1-dev_0.105-15~deb8u1_amd64.deb
 f3f9a2fce73778aa40d6d1d99e87352a 15958 introspection optional gir1.2-polkit-1.0_0.105-15~deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXSSJqAAoJEGrh4w1gjyLcNRYP+we0z71ES/Y3QD63p6YcfcEa
QtGR7XoPmez+zGr1FvVYezU8ZJTyg1POxEgOYDsIPNNWZB3gFIlq+6ejdo0CCXv9
G9ma2+iS+VxUMNYPK9ErJA4FI3XWcDF9jkgD5cbcp8T3UdHoTMVnkmiDr/9kGJaW
neKYbud7bbEgjMe+Jh+OBQCvc7LSaGYSKUgP6prWQaY/5W36+Hd5lNmPhdBUVVyK
ncGeSRe+iv601ZtEMHpE3CyIcDsVM+nC6DvZWVswgqwdtxc08e0FKdQGNAuMl0Ip
RdIQDOnB9bi3H4RHhwVwpslGeAyf4Al0qftiuzYtYbcXJpqdoc1ykBA85WZpqoVN
qyEC77YkO53ZRVANMg/ICYiCxEV196xvUEogpV65tEjP0E4K8iq8msMapmKDQpWK
Z1npL5EDjCs18Ki2TG3KlW7leGPEwwmFtqDM/VPXCsyXNKikI9wbdPckMUGCTTlS
6yIlAfTBImtUnHF4XUw6lgtgg1woQUHGHYDV7QSAp1HtRGWIHfE02fUsJrJ0zE+t
QFppAEIvLDe26fQHfUAvjdHlY/n0qmE+KcB/vqhT1jhvXH3RAKgAmsJN1XDp9jAn
1pcLkYLU5VisUvQx71YN50qIf4KBGx5WCArnuXosse09sNdmDcsauap7xt9VboXd
16/YTl5W6I4wSbzcmNy5
=6WpK
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.