On Tue, Oct 15, 2013 at 06:52:57PM +0200, Michael Biebl wrote:
[..snip..]
> So I'd like a clear advice from the security what to do about
> CVE-2013-4288 (Bug: #723717) in policykit-1/stable:
> a/ Fix via stable-security
> b/ Fix via stable
> c/ Ignore (not important enough).
>
> I'm happy to do either a/ or b/ if the security team wants me to.
>
> If c/, this means libvirt would have to remove that patch for its stable
> upload
> If we are going to fix policykit-1 in stable, libvirt should have a
> versioned dep on policykit-1, to ensure it gets the correct version of
> pkcheck.

Just as a data point. Libvirt can keep the patches but when built against
an unpatched polkit they would be disabled.

Cheers and thanks for following up on this!
 -- Guido

>
>
> Michael
>
>
>
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
>

