Source: policykit-1 Version: 0.105-31.1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 0.105-31 Control: found -1 0.105-31+deb11u1 Control: found -1 0.105-25 Control: found -1 0.105-25+deb10u1
Hi, The following vulnerability was published for policykit-1. CVE-2021-4115[0]: | file descriptor leak allows an unprivileged user to cause a crash See [1]. Upstream has not yet pushed the commit into the repository, Simon, Michael opinions on the DSA need? *If* it's automatically restarted after crash, then we can schedule the fixes via the upcoming point releases IMHO. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-4115 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115 [1] https://bugzilla.redhat.com/show_bug.cgi?id=2007534 Regards, Salvatore

