[Pkg-utopia-maintainers] Bug#1109334: policykit-1: CVE-2025-7519
Moritz Mühlenhoff
jmm at inutil.org
Wed Jul 16 13:36:19 BST 2025
On Tue, Jul 15, 2025 at 02:49:55PM +0100, Simon McVittie wrote:
> On Tue, 15 Jul 2025 at 14:29:13 +0200, Moritz Mühlenhoff wrote:
> > The following vulnerability was published for policykit-1.
> >
> > CVE-2025-7519[0]:
> > | When processing an XML policy with 32 or
> > | more nested elements in depth
> [...]
> > | To exploit
> > | this flaw, a high-privilege account is needed
>
> Honestly, I don't think this is a security vulnerability and I think the CVE
> should have been rejected. I think it's just a bug.

Hence my "Labelling this a security issue seems to be a bit of a stretch..."
in the report. Since you concur, I've marked it as a non-issue in the Security
Tracker. For unstable we can simply close the bug when it reaches sid after
the next rebase post-trixie release.

Cheers,
Moritz