First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 215701
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 215701 depends on: 214801 Show dependency tree
Bug 215701 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-04-01 13:43 0000 
Kees Cook writes:
If a user types a carefully crafted series of format strings, they can trick 
polkit-grant-helper into thinking the password was successful.

https://launchpad.net/bugs/205037

Patch:
https://bugs.freedesktop.org/attachment.cgi?id=15591

------- Comment #1 From Robert Buchholz 2008-04-01 13:44:55 0000 ------- 
# Saleem Abdulrasool <compnerd@gentoo.org> (23 Nov 2007)
# These might break automounting, so keep them masked for now.
>=sys-auth/policykit-0.6
>=gnome-base/gnome-mount-0.7
>=gnome-extra/policykit-gnome-0.6

Rating ~2 because this is masked.

------- Comment #2 From Doug Goldstein 2008-04-03 14:21:31 0000 ------- 
I had to giggle at this one. So much for David Z claiming that Red Hat
internally ran PolicyKit through 2 in house security audits and it was
perfectly clean...

------- Comment #3 From Pierre-Yves Rofes 2008-05-06 14:15:43 0000 ------- 
Any news here? could we just apply the patch and be done with this bug?

------- Comment #4 From Steev Klimaszewski 2008-05-06 20:03:00 0000 ------- 
I've always let security run things when it comes to security patches.  I don't
typically touch policykit, at least, as much as I can avoid touching it.  Okay
by me if you do, compnerd has final say afaik.

------- Comment #5 From Robert Buchholz 2008-05-12 19:44:12 0000 ------- 
PolicyKit 0.8 has been released and it fixes this bug.

If anyone could bump it to resolve this issue, that'd be great. No further
requirements from security, the patch is ok.

------- Comment #6 From Pierre-Yves Rofes 2008-09-19 21:37:01 0000 ------- 
could someone please bump so we're done with it? Thanks.

------- Comment #7 From Robert Buchholz 2008-12-01 23:21:33 0000 ------- 
bumped, noglsa. thanks.
First Last Prev Next    No search results available      Search page      Enter new bug