Bug#726558: pu: package policykit-1/0.105-3+deb7u1
Hi
On Sat, Sep 27, 2014 at 08:20:32AM +0200, Salvatore Bonaccorso wrote:
> Hi Michael,
>
> On Sat, Sep 20, 2014 at 06:29:52PM +0200, Julien Cristau wrote:
> > Control: tag -1 confirmed
> >
> > On Wed, Oct 16, 2013 at 18:41:29 +0200, Michael Biebl wrote:
> >
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian.org@packages.debian.org
> > > Usertags: pu
> > >
> > > As discussed in [1], I'd like to upload a fix for CVE-2013-4288 for
> > > policykit-1 to stable.
> > > The patch itself has been applied to the unstable version as well (in
> > > 0.105-3+nmu1).
> > >
> > > Please let me know if I can proceed with the stable upload to get this
> > > fix into 7.3.
> > >
> > [a year passes...]
> >
> > Hi Michael,
> >
> > if this is still on the cards and the libvirt maintainer is still
> > interested please go ahead with an upload.
>
> ping? I was looking into the open CVEs for libvirt, and stumbled over
> this one. Is this still planned or was there some followup issues?
As said on IRC, I overlooked the date when Julien had sent the ping.
Sorry about that, should have paid more attention to this. Once
policykit-1 would be in stable where will be neede a rebuild of
libvirt for having that fixed also on libvirt's side.
Additionally though a libvirt upload to wheezy-security is also
planned for CVE-2014-3633.
Regards,
Salvatore
Reply to: