[Pkg-utopia-maintainers] policykit-1 CVE-2018-19788 in jessie

Moritz Muehlenhoff jmm at inutil.org
Thu Dec 20 11:57:00 GMT 2018


On Thu, Dec 20, 2018 at 03:11:49PM +0530, Abhijith PA wrote:
> Hi Santiago,
> 
> On Thursday 20 December 2018 01:00 AM, Santiago Ruano Rincón wrote:
> > Dear Maintainers,
> > 
> > (It seems my first attempt to send this mail failed. Sorry if you
> > received it twice)
> > 
> > As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in
> > jessie. i.e. systemctl correctly doesn't allow me to stop services, and
> > pkexec blocks me from executing applications that need privileges. 
> 
> I couldn't reproduce in my jessie machine either.
> 
> > Do you think it is safe to consider jessie as not-affected? Or is it
> > still worth applying the patch?
> 
> I think it's okay to mark as not-affected.

Don't mark issues as not-affected just because some specific reproducer
doesn't trigger. This should only be done if source code analysis
has shown it to be not affected.

Cheers,
        Moritz


