| Summary: | <gnome-extra/cinnamon-settings-daemon-2.8.3: csd-datetime does not authorize users | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | gnome, salikov.alexey |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1276639 | ||
| Whiteboard: | B3 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
https://github.com/linuxmint/cinnamon-settings-daemon/pull/101 cinnamon-settings-daemon (2.8.1) rosa; urgency=medium [ JosephMcc ] * clean up some unused functions and variables [ leigh123linux ] * csd-datetime forgets to authorize users -- Clement Lefebvre <root@linuxmint.com> Mon, 09 Nov 2015 10:45:19 +0000 https://packages.gentoo.org/packages/gnome-extra/cinnamon-settings-daemon i no have any idea why you keep it open We only have fixed versions in the tree GLSA Vote: No. |
From ${URL} : It was found that csd-datetime-setting SetDate DBUS function does not check the polkit authorization for the caller, Unlike SetTime. CVE request: http://seclists.org/oss-sec/2015/q4/180 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.