Your message dated Thu, 10 Jun 2021 14:41:50 +0200
with message-id
<cam8zjqtvpndwxhnvjnndmo-yjqm8abr_w+kaor+g-qmkbsj...@mail.gmail.com>
and subject line Re: Bug#989667: unblock: policykit-1/0.105-31
has caused the Debian Bug report #989667,
regarding unblock: policykit-1/0.105-31
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
989667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989667
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
X-Debbugs-Cc: [email protected],[email protected]
Hi Release team
Please unblock package policykit-1
[ Reason ]
The upload to unstable, 0.105-31, fixes CVE-2021-3560, cf. #989429 a
local privilege escalation vulnerability affecting bullseye due to
0.113 patches backported in 0.105-26.
[ Impact ]
Unfixed local privilege escalation issue unfixed in bullseye.
[ Tests ]
None specifically.
[ Risks ]
Low, IMHO, the patch is very isolated to the change in
polkit_system_bus_name_get_creds_sync().
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
[ Other info ]
None.
unblock policykit-1/0.105-31
Regards,
Salvatore
diff -Nru policykit-1-0.105/debian/changelog policykit-1-0.105/debian/changelog
--- policykit-1-0.105/debian/changelog 2021-02-04 14:56:09.000000000 +0100
+++ policykit-1-0.105/debian/changelog 2021-06-03 18:06:34.000000000 +0200
@@ -1,3 +1,13 @@
+policykit-1 (0.105-31) unstable; urgency=medium
+
+ [ Salvatore Bonaccorso ]
+ * d/p/CVE-2021-3560.patch:
+ Fix local privilege escalation involving
+ polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
+ (Closes: #989429)
+
+ -- Simon McVittie <[email protected]> Thu, 03 Jun 2021 17:06:34 +0100
+
policykit-1 (0.105-30) unstable; urgency=medium
[ Helmut Grohne ]
diff -Nru policykit-1-0.105/debian/patches/CVE-2021-3560.patch
policykit-1-0.105/debian/patches/CVE-2021-3560.patch
--- policykit-1-0.105/debian/patches/CVE-2021-3560.patch 1970-01-01
01:00:00.000000000 +0100
+++ policykit-1-0.105/debian/patches/CVE-2021-3560.patch 2021-06-03
18:06:34.000000000 +0200
@@ -0,0 +1,22 @@
+Description: local privilege escalation using
polkit_system_bus_name_get_creds_sync()
+Origin: upstream
+Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
+Bug-Debian: https://bugs.debian.org/989429
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <[email protected]>
+Last-Update: 2021-06-03
+
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName
*system_bus
+ while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+ g_main_context_iteration (tmp_context, TRUE);
+
++ if (data.caught_error)
++ goto out;
++
+ if (out_uid)
+ *out_uid = data.uid;
+ if (out_pid)
+
diff -Nru policykit-1-0.105/debian/patches/series
policykit-1-0.105/debian/patches/series
--- policykit-1-0.105/debian/patches/series 2021-02-04 14:56:09.000000000
+0100
+++ policykit-1-0.105/debian/patches/series 2021-06-03 18:06:34.000000000
+0200
@@ -60,3 +60,4 @@
Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch
Statically-link-libpolkit-backend1-into-polkitd.patch
Remove-example-null-backend.patch
+CVE-2021-3560.patch
--- End Message ---
--- Begin Message ---
Unblocked.
--- End Message ---
