[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#905232: stretch-pu: package brltty/5.4-7+deb9u1

Adam D. Barratt, le ven. 17 août 2018 16:18:05 +0100, a ecrit:
> On Wed, 2018-08-01 at 19:09 +0200, Samuel Thibault wrote:
> > The story is that the policykit-1 package was patched in unstable
> > with 0.115/Fix-CVE-2018-1116-Trusting-client-supplied-UID.patch
> > to fix a CVE, and we have noticed that it completely breaks polkit
> > authentication in brlapi, which means that braille does not work in
> > graphical sessions, reported as bug #905058.  This is actually due to
> > a misuse of the polkit API in brltty, which only got to pose problem
> > with the addition of that policykit patch. A brltty fix has been
> > uploaded to unstable so the issue is fixed there.  policykit
> > maintainers however plan to upload their patch to stretch, so we need
> > to upload the brltty fix in stretch too.
> 
> Thanks for fixing this. As brltty produces a udeb, this needs a KiBi-
> ack; tagged and CCing accordingly.

Well, the brltty udeb doesn't contain polkit support, so it should be a
no-op, but better have KiBi aware of the new version indeed :)

Samuel
Reply to: