[Pkg-utopia-maintainers] Bug#1093276: Bug#1093276: polkit: When entering (correct) password, then waiting for timeout, password gets copied on CLI!
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 23 06:30:35 GMT 2025
Hi
Thansk for the heads-up, adding the security tag and including the
security team alias.
On Wed, Jan 22, 2025 at 09:26:12PM +0000, Mark Esler wrote:
> Hello o/
>
> I have not been able to reproduce this issue on a non-Debian based
> distro. So far, we do not have evidence that upstream is affected.
>
> I left some testing comments upsteam:
> https://github.com/polkit-org/polkit/issues/545
>
> This issue affects Ubuntu 24.04+ Desktop and Server. Ubuntu 22.04 is
> unaffected, which uses policykit-1 version 0.105-33.
>
> My personal laptop runs 24.04 server without policykit-1 (or gdm) and I
> am not affected.
>
> If this is verified as a Debian introduced vulnerability, I can assign a
> CVE.
My understanding from what followed later on the upstream issue is
that Michael is able to reproduce it as well on non-Debian distros.
And there seems to be confirmation as well that it's a known issue
upstream.
Regards,
Salvatore
More information about the Pkg-utopia-maintainers
mailing list