Devuan bug report logs - #658
policykit-1: CVE-2021-4034

version graph

Package: policykit-1; Maintainer for policykit-1 is Devuan Dev Team <devuan-dev@lists.dyne.org>; Source for policykit-1 is src:policykit-1.

Reported by: Dimitris <dimitris@stinpriza.org>

Date: Wed, 26 Jan 2022 10:26:01 UTC

Severity: critical

Found in version 0.105-31+devuan1

Fixed in versions 0.105-31.1+devuan1, 0.105-25+devuan0~bpo2+2, 0.105-31+devuan2, 0.105-25+devuan9

Done: Mark Hindley <mark@hindley.org.uk>

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#658: policykit-1: CVE-2021-4034
Reply-To: Dimitris <dimitris@stinpriza.org>, 658@bugs.devuan.org
Resent-From: Dimitris <dimitris@stinpriza.org>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: Devuan Dev Team <devuan-dev@lists.dyne.org>
X-Loop: owner@bugs.devuan.org
Resent-Date: Wed, 26 Jan 2022 12:12:01 +0000
Resent-Message-ID: <handler.658.B658.16431990342771@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: followup 658
X-Devuan-PR-Package: policykit-1
X-Devuan-PR-Keywords: 
References: <40c391db-619c-579c-c077-3360f12400d3@stinpriza.org> <40c391db-619c-579c-c077-3360f12400d3@stinpriza.org> <40c391db-619c-579c-c077-3360f12400d3@stinpriza.org>
Received: via spool by 658-submit@bugs.devuan.org id=B658.16431990342771
          (code B ref 658); Wed, 26 Jan 2022 12:12:01 +0000
Received: (at 658) by bugs.devuan.org; 26 Jan 2022 12:10:34 +0000
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.16)
	for <debbugs@localhost> (single-drop); Wed, 26 Jan 2022 12:10:34 +0000 (UTC)
Received: from cacofonix.stinpriza.org (cacofonix.stinpriza.org [148.251.45.81])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.dyne.org (Postfix) with ESMTPS id 458646617E8
	for <658@bugs.devuan.org>; Wed, 26 Jan 2022 13:10:15 +0100 (CET)
Authentication-Results: mail.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=stinpriza.org header.i=@stinpriza.org header.b="M8MFf+aF";
	dkim-atps=neutral
Received: from [192.168.0.102] (unknown [45.153.183.197])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(No client certificate requested)
	by cacofonix.stinpriza.org (Postfix) with ESMTPSA id 52E8F2A42F3B
	for <658@bugs.devuan.org>; Wed, 26 Jan 2022 14:10:14 +0200 (EET)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=stinpriza.org; s=mail;
	t=1643199014; bh=9syBQPccdp+5g5Yje5YpE34XUgMz3yFR2xmnh0fn++s=;
	h=Date:To:References:From:Subject:In-Reply-To:From;
	b=M8MFf+aFdzcpVKBKw3JmD09TwgcxK7WhLKOlvHHWmcqwkhuWI976i28XLsZ+NHyto
	 KwXYhZbZgVoh56GfelZoyg5qxFpLel0iK4JBhJpF1LMs1sboe5gH+E1IU+JkKNmBAh
	 bVokHPXwfwpKCHsfMyMYajTMEw9r4MSglPJS24GccuuZFd/fcsQg+O09a8oBQ1IwHQ
	 xxhSdO49BF4/Jq3Nz/7Grb0Cl6vBfqGo6tDXI6jSN6eofNwV0uIOhcO5VR4BVdEdaX
	 1DUuhn41xht3uwGmbNyI8Z3qA6J36bDq7crtItuQ0Lk7q6EcavmkRBPCWQs2u9fOSq
	 2pc5UYMJcUoJg==
Message-ID: <742bab9b-329d-7919-c4c7-913fc9423f92@stinpriza.org>
Date: Wed, 26 Jan 2022 14:10:13 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.1
To: 658@bugs.devuan.org
Content-Language: en-US
From: Dimitris <dimitris@stinpriza.org>
In-Reply-To: <40c391db-619c-579c-c077-3360f12400d3@stinpriza.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.11 (cacofonix.stinpriza.org [0.0.0.0]); Wed, 26 Jan 2022 14:10:14 +0200 (EET)
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED,SPF_PASS,
	URIBL_BLOCKED autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.dyne.org
seems a new version (0.105-31.1+devuan1) just came in ceres, which 
merges debian/0.105-31.1, so this is probably fixed for daedalus/ceres!

leaving it open, so you can confirm security fix & close as you think.

thanks!
d.

Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri Mar 29 15:05:40 2024;