Summary: | sys-apps/accountsservice: local privilege escalation via crafted dbus message | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | critical | CC: | ajak, gnome |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/ | ||
Whiteboard: | A1 [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2023-11-25 19:37:30 UTC
The upstream Ubuntu bug has been resolved as fixed with only changes to the specific patch. We don't carry that patch so this vulnerability does not apply to us. @ajak: do you want to double-check this, or can I close this bug? Hm, the original report says "This is done incorrectly in several places in accountsservice. For example, [in the patch]", which would lead me to think that there's multiple instances of this problem in various places throughout accountsservice, rather than exclusively in the patch. But it seems Ubuntu only patched the patch, so I'm happy following them on that. |