[Pkg-utopia-maintainers] Bug#1005784: policykit-1: CVE-2021-4115: file descriptor leak allows an unprivileged user to cause a crash
Salvatore Bonaccorso
carnil at debian.org
Mon Feb 14 21:29:29 GMT 2022
Source: policykit-1
Version: 0.105-31.1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Control: found -1 0.105-31
Control: found -1 0.105-31+deb11u1
Control: found -1 0.105-25
Control: found -1 0.105-25+deb10u1
Hi,
The following vulnerability was published for policykit-1.
CVE-2021-4115[0]:
| file descriptor leak allows an unprivileged user to cause a crash
See [1]. Upstream has not yet pushed the commit into the repository,
Simon, Michael opinions on the DSA need? *If* it's automatically
restarted after crash, then we can schedule the fixes via the upcoming
point releases IMHO.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-4115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4115
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2007534
Regards,
Salvatore
More information about the Pkg-utopia-maintainers
mailing list