[Pkg-utopia-maintainers] Bug#1005784: policykit-1: CVE-2021-4115: file descriptor leak allows an unprivileged user to cause a crash

Salvatore Bonaccorso carnil at debian.org
Mon Feb 14 21:29:29 GMT 2022


Source: policykit-1
Version: 0.105-31.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 0.105-31
Control: found -1 0.105-31+deb11u1
Control: found -1 0.105-25
Control: found -1 0.105-25+deb10u1

Hi,

The following vulnerability was published for policykit-1.

CVE-2021-4115[0]:
| file descriptor leak allows an unprivileged user to cause a crash

See [1]. Upstream has not yet pushed the commit into the repository,

Simon, Michael, opinions on the DSA need? *If* it's automatically
restarted after a crash, then we can schedule the fixes via the upcoming
point releases IMHO.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-4115
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2007534

Regards,
Salvatore


