[Pkg-utopia-maintainers] policykit-1 CVE-2018-19788 in jessie

Abhijith PA abhijith at disroot.org
Thu Dec 20 09:41:49 GMT 2018


Hi Santiago,

On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote:
> Dear Maintainers,
> 
> (It seems my first attempt to send this mail failed. Sorry if you
> received it twice)
> 
> As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in
> jessie. i.e. systemctl correctly doesn't allow me to stop services, and
> pkexec blocks me from executing applications that need privileges. 

I couldn't reproduce in my jessie machine either.

> Do you think is it safe to consider jessie as not-affected? Or is it
> still worth to apply the patch?

I think its okay to mark as not-affected.


--abhijith




More information about the Pkg-utopia-maintainers mailing list