[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#726558: pu: package policykit-1/0.105-3+deb7u1

Hi Michael,

On Sat, Sep 20, 2014 at 06:29:52PM +0200, Julien Cristau wrote:
> Control: tag -1 confirmed
> 
> On Wed, Oct 16, 2013 at 18:41:29 +0200, Michael Biebl wrote:
> 
> > Package: release.debian.org
> > Severity: normal
> > User: release.debian.org@packages.debian.org
> > Usertags: pu
> > 
> > As discussed in [1], I'd like to upload a fix for CVE-2013-4288 for
> > policykit-1 to stable.
> > The patch itself has been applied to the unstable version as well (in
> > 0.105-3+nmu1).
> > 
> > Please let me know if I can proceed with the stable upload to get this
> > fix into 7.3.
> > 
> [a year passes...]
> 
> Hi Michael,
> 
> if this is still on the cards and the libvirt maintainer is still
> interested please go ahead with an upload.

ping? I was looking into the open CVEs for libvirt, and stumbled over
this one. Is this still planned or was there some followup issues?

I concretely was looking at CVE-2013-4311/libvirt which since
0.9.12.3-1 has "sourcewise" support for 3-arg pkcheck syntax, but
needs  accordingly an updated policykit-1 and an according rebuild to
be fixed.

Regards,
Salvatore
Reply to: