Hello Kevin, thanks for the excellent GHSL-2020-161 report. Given that
the polkit rules are intentional, if ancient, and the udisks2 team
doesn't want to treat the symlink finding as a security bug, I'm going
to open this publicly and mark it wontfix, to reflect what's likely
going to happen for our currently released systems.
I do hope upstream handles the symlink discovery eventually but I can
appreciate why they wouldn't want to handle it as a security issue.
Thanks
** Information type changed from Private Security to Public Security
** Changed in: policykit-desktop-privileges (Ubuntu)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1899019
Title:
Typo in UDisks action
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-desktop-privileges/+bug/1899019/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
