Bug 23297

Summary: polkit new security issue CVE-2018-1116
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Nicolas Lécureuil <mageia>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: basesystem, marja11, mhrambo3501, tmb
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: polkit-0.114-1.mga7.src.rpm CVE:
Status comment:
Bug Depends on: 23940    
Bug Blocks:    

Description David Walser 2018-07-12 21:59:11 CEST 
A security issue fixed upstream in polkit has been announced on July 11:
http://www.openwall.com/lists/oss-security/2018/07/11/2

The issue is fixed upstream in 0.115 and the message above contains a link to the commit that fixed it.

Mageia 5 and Mageia 6 are also affected.
David Walser 2018-07-12 21:59:19 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 Thomas Backlund 2018-07-13 21:02:19 CEST 
polkit-0.115-1.mga7 uploaded to cauldron

Whiteboard: MGA6TOO => (none)
Version: Cauldron => 6
CC: (none) => tmb

Comment 2 Marja Van Waes 2018-07-15 16:57:55 CEST 
Assigning to the registered maintainer.

CC'ing the basesystem maintainer, in case this package counts as basesystem package. Does it??

CC: (none) => basesystem, marja11
Assignee: bugsquad => mageia

Comment 3 David Walser 2018-07-15 17:19:05 CEST 
I would say it's a basesystem package.
Comment 4 David Walser 2018-07-16 20:01:16 CEST 
Ubuntu has issued an advisory for this today (July 16):
https://usn.ubuntu.com/3717-1/
Comment 5 David Walser 2018-07-17 15:30:49 CEST 
Fedora has issued an advisory for this on July 13:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AJXDSYWQWS3BQAIM7HTYQC4AWFGKRDD7/
Comment 6 David Walser 2018-07-20 18:44:02 CEST 
openSUSE has issued an advisory for this today (July 20):
https://lists.opensuse.org/opensuse-updates/2018-07/msg00055.html
David Walser 2018-12-25 21:09:20 CET

Depends on: (none) => 23940

Comment 7 Mike Rambo 2019-11-06 13:31:50 CET 
Mageia 6 is EOL.

CC: (none) => mrambo
Status: NEW => RESOLVED
Resolution: (none) => OLD