[SCM] rtkit/master.stable: New entry.
alessio at users.alioth.debian.org
alessio at users.alioth.debian.org
Tue Oct 8 08:48:01 UTC 2013
The following commit has been merged in the master.stable branch:
commit caf18911977d6ef8d1a5cd912467c4b0f33d2da2
Author: Alessio Treglia <alessio at debian.org>
Date: Tue Oct 8 09:42:25 2013 +0100
New entry.
diff --git a/debian/changelog b/debian/changelog
index 840d6ce..e4355d4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+rtkit (0.10-2+wheezy1) stable; urgency=high
+
+ * Fix CVE-2013-4326:
+ - pass uid of caller to polkit, otherwise we force polkit to look up
+ the uid itself in /proc, which is racy if they execve() a setuid
+ binary (Closes: #723714)
+
+ -- Alessio Treglia <alessio at debian.org> Tue, 08 Oct 2013 09:41:41 +0100
+
rtkit (0.10-2) unstable; urgency=low
* debian/patches/02-fix-undropped-supp-groups.patch:
--
rtkit packaging
More information about the pkg-multimedia-commits
mailing list