Hi Michael, On Thu, 2013-09-19 at 13:06 +0200, Michael Biebl wrote: > Hi Miloslav, > > regarding CVE-2013-4288, do youd which versions of polkit are affected > by this issue? > Since the changelog talks about deprecating racy APIs, does that mean, > polkit clients need to be updated as well for the fix to be effective? > Given that, do you have a list of vulnerable/affected packages?
See https://bugzilla.redhat.com/show_bug.cgi?id=1002375#c20 You can also clone the no-longer-secret: http://people.freedesktop.org/~walters/secret/38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b/ (Note: I think the libvirt patches there may be slightly out of date, so for the canonical set I recommend getting in touch with each individual component maintainer) _______________________________________________ polkit-devel mailing list polkit-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/polkit-devel
