policykit-1 CVE-2018-19788 in jessie

To: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Cc: debian-lts@lists.debian.org
Subject: policykit-1 CVE-2018-19788 in jessie
From: Santiago Ruano Rincón <santiagorr@riseup.net>
Date: Wed, 19 Dec 2018 16:30:52 -0300
Message-id: <[🔎] 20181219193052.GA25147@novelo>

Dear Maintainers,

(It seems my first attempt to send this mail failed. Sorry if you
received it twice)

As opposed to stretch, I have been unable to reproduce CVE-2018-19788 in
jessie. i.e. systemctl correctly doesn't allow me to stop services, and
pkexec blocks me from executing applications that need privileges. 

Do you think is it safe to consider jessie as not-affected? Or is it
still worth to apply the patch?

Cheers,

S

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: policykit-1 CVE-2018-19788 in jessie
  - From: Abhijith PA <abhijith@disroot.org>

Prev by Date: Re: MySQL 5.5 EOL before Debian 8 LTS ends
Next by Date: Re: proposed removal of Enigmail from jessie/LTS
Previous by thread: uw-imap: unclaimed package after 3 weeks of inactivity
Next by thread: Re: policykit-1 CVE-2018-19788 in jessie
Index(es):
- Date
- Thread