[ubuntu/wily-proposed] policykit-1 0.105-11ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Sep 9 12:18:16 UTC 2015 

policykit-1 (0.105-11ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: heap corruption via duplicate ids
    - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
      src/polkitbackend/polkitbackendactionpool.c.
    - CVE-2015-3255
  * SECURITY UPDATE: denial of service via identical cookies
    - debian/patches/CVE-2015-4625.patch: use unpredictable cookie values,
      keep them secret, and bind them to specific uids in configure.ac,
      data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      data/org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
      docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
      docs/polkit/overview.xml,
      src/polkit/polkitauthority.c,
      src/polkitagent/polkitagenthelper-pam.c,
      src/polkitagent/polkitagenthelper-shadow.c,
      src/polkitagent/polkitagenthelperprivate.c,
      src/polkitagent/polkitagenthelperprivate.h,
      src/polkitagent/polkitagentlistener.c,
      src/polkitagent/polkitagentsession.c,
      src/polkitbackend/polkitbackendauthority.c,
      src/polkitbackend/polkitbackendauthority.h,
      src/polkitbackend/polkitbackendinteractiveauthority.c.
    - CVE-2015-4625

Date: Tue, 08 Sep 2015 13:03:49 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/policykit-1/0.105-11ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 08 Sep 2015 13:03:49 -0400
Source: policykit-1
Binary: policykit-1 policykit-1-doc libpolkit-gobject-1-0 libpolkit-gobject-1-dev libpolkit-agent-1-0 libpolkit-agent-1-dev libpolkit-backend-1-0 libpolkit-backend-1-dev gir1.2-polkit-1.0
Architecture: source
Version: 0.105-11ubuntu1
Distribution: wily
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 gir1.2-polkit-1.0 - GObject introspection data for PolicyKit
 libpolkit-agent-1-0 - PolicyKit Authentication Agent API
 libpolkit-agent-1-dev - PolicyKit Authentication Agent API - development files
 libpolkit-backend-1-0 - PolicyKit backend API
 libpolkit-backend-1-dev - PolicyKit backend API - development files
 libpolkit-gobject-1-0 - PolicyKit Authorization API
 libpolkit-gobject-1-dev - PolicyKit Authorization API - development files
 policykit-1 - framework for managing administrative policies and privileges
 policykit-1-doc - documentation for PolicyKit-1
Changes:
 policykit-1 (0.105-11ubuntu1) wily; urgency=medium
 .
   * SECURITY UPDATE: heap corruption via duplicate ids
     - debian/patches/CVE-2015-3255.patch: fix GHashTable usage in
       src/polkitbackend/polkitbackendactionpool.c.
     - CVE-2015-3255
   * SECURITY UPDATE: denial of service via identical cookies
     - debian/patches/CVE-2015-4625.patch: use unpredictable cookie values,
       keep them secret, and bind them to specific uids in configure.ac,
       data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
       data/org.freedesktop.PolicyKit1.Authority.xml,
       docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.AuthenticationAgent.xml,
       docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml,
       docs/polkit/overview.xml,
       src/polkit/polkitauthority.c,
       src/polkitagent/polkitagenthelper-pam.c,
       src/polkitagent/polkitagenthelper-shadow.c,
       src/polkitagent/polkitagenthelperprivate.c,
       src/polkitagent/polkitagenthelperprivate.h,
       src/polkitagent/polkitagentlistener.c,
       src/polkitagent/polkitagentsession.c,
       src/polkitbackend/polkitbackendauthority.c,
       src/polkitbackend/polkitbackendauthority.h,
       src/polkitbackend/polkitbackendinteractiveauthority.c.
     - CVE-2015-4625
Checksums-Sha1:
 13be4f3e6c66f7b82f25174cbce769d8523d59b4 2988 policykit-1_0.105-11ubuntu1.dsc
 fb6d9fa7437d099c072871d7555c9261aaca129c 29000 policykit-1_0.105-11ubuntu1.debian.tar.xz
Checksums-Sha256:
 0f42666b0101f3fbe137db56b5a662a3a405663dee0e74fd72796f888b6e2f1d 2988 policykit-1_0.105-11ubuntu1.dsc
 765f74abd8a710b143b6030468903c906e91696fcdf19edc37d2be91649ec689 29000 policykit-1_0.105-11ubuntu1.debian.tar.xz
Files:
 d3b0d687d7988d50103d2b0a98d644e7 2988 admin optional policykit-1_0.105-11ubuntu1.dsc
 6be02720030b1ab17613ebd22cb9d847 29000 admin optional policykit-1_0.105-11ubuntu1.debian.tar.xz
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV8CMrAAoJEGVp2FWnRL6TJYIQAKJ4RkgiAWqSswnL81xGMEu2
OHuYcGkh5mlTxdCUA4gDPty3qqKntXV6RjJWjVCLYzXtJtzwtTl1aaMYyTB80sxh
Z+xaIKv3yh8kd11LSpDUkSC3wYmGPkb22T2oCK3fgMSNdw41TVIIkd4bkfkwruOh
7I3sMitI8SDBNZL0FemeXjcOwJ47kbXMDtRVtTVD69Ldvh5dlMpiwglArsjdrTvm
Z2aoMmc6iLS3CZPyqvVNQmk3sEHYtz3mVxn0nDuEwOhbKa5TFNvI3H2riMYTPlwM
qrKUmaEQkPapZwExFSIDYEu2ytlKE9YebXEFIdHb2EUd1+YS16mFMnEYr885MsLd
Cbj5hrGqcsTqfA2I62X2EhYrgnzDLKdrb3SHZXEZ0qLDmTWvut708VnFFEby6S/F
7oBHzexZr7mJzhEDsEHCsTi6j3m0/IyBop6WlLQ0Y/YomAFIU78r0LHuB3DKD8Z9
6N0K4+SmnMpo9jN/aJP9hWRTrVnPPpd+AFLc/6kgX8FqPJ4DGNaEpS5KB8CCS/jd
0bKgqpGXCuk+j/H3fnrS7JZK20n7lEypntcvhtItv2laAKdKz7vaakj7q4hGK3hv
d3aqS0nQQOeFqNU74jtNOMYQGdIEyA+YyoGm+b45/P0FHOE1kSkAnMoTwGvgTYRu
bTTm1LclsS3yhjVNljTK
=/XB9
-----END PGP SIGNATURE-----

More information about the Wily-changes mailing list