[Pkg-utopia-maintainers] Bug#916075: policykit-1: Regression from CVE-2018-19788 fix

Salvatore Bonaccorso carnil at debian.org
Sun Jan 13 21:10:40 GMT 2019 

Control: retitle -1 policykit-1: Regression from CVE-2018-19788 fix
Control: forwarded -1 https://gitlab.freedesktop.org/polkit/polkit/issues/77
Control: found -1 0.105-18+deb9u1
Control: affects -1 security.debian.org,release.debian.org

On Sun, Dec 09, 2018 at 09:00:59PM +0100, Paul Gevers wrote:
> Source: policykit-1
> Version: 0.105-23
> X-Debbugs-CC: debian-ci at lists.debian.org
> User: debian-ci at lists.debian.org
> Usertags: regression
> 
> Dear maintainers,
> 
> With a recent upload of policykit-1 the autopkgtest of policykit-1 fails
> in testing when that autopkgtest is run with the binary packages of
> policykit-1 from unstable. It passes when run with only packages from
> testing. In tabular form:
>                        pass            fail
> policykit-1            from testing    0.105-23
> all others             from testing    from testing
> 
> I copied some of the output at the bottom of this report. It seems the
> same error can be found in the python-dbusmock regression due to this
> update.
> 
> Currently this regression is NOT contributing to the delay of the
> migration to testing [1] because of the urgency. Can you please
> investigate the situation and fix it? If needed, please change the bug's
> severity.
> 
> More information about this bug and the reason for filing it can be found on
> https://wiki.debian.org/ContinuousIntegration/RegressionEmailInformation
> 
> Paul
> 
> [1] https://qa.debian.org/excuses.php?package=policykit-1
> 
> https://ci.debian.net/data/autopkgtest/testing/amd64/p/policykit-1/1474415/log.gz
> 
> autopkgtest [04:38:19]: test cli-root: [-----------------------
> TEST: pkaction
> No action with action id unknown.action
> TEST: pkcheck
> 
> ** (process:1436): CRITICAL **: 04:38:19.446:
> polkit_unix_process_set_property: assertion 'val != -1' failed
> 
> ** (process:1439): CRITICAL **: 04:38:19.453:
> polkit_unix_process_set_property: assertion 'val != -1' failed
> autopkgtest [04:38:19]: test cli-root: -----------------------]
> autopkgtest [04:38:19]: test cli-root:  - - - - - - - - - - results - -
> - - - - - - - -
> cli-root             FAIL stderr:

This is a regression from the fix for CVE-2018-19788 and it was
reported upstream by Martin Pitt in
https://gitlab.freedesktop.org/polkit/polkit/issues/77 .

Regards,
Salvatore

More information about the Pkg-utopia-maintainers mailing list