
Bug#989667: unblock: policykit-1/0.105-31



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: carnil@debian.org,smcv@pseudorandom.co.uk

Hi Release team

Please unblock package policykit-1

[ Reason ]
The upload to unstable, 0.105-31, fixes CVE-2021-3560, cf. #989429, a
local privilege escalation vulnerability affecting bullseye due to
0.113 patches backported in 0.105-26.

[ Impact ]
Local privilege escalation issue unfixed in bullseye.

[ Tests ]
None specifically.

[ Risks ]
Low, IMHO, the patch is very isolated to the change in
polkit_system_bus_name_get_creds_sync().

[ Checklist ]
  [x] all changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in testing

[ Other info ]
None.

unblock policykit-1/0.105-31

Regards,
Salvatore
diff -Nru policykit-1-0.105/debian/changelog policykit-1-0.105/debian/changelog
--- policykit-1-0.105/debian/changelog	2021-02-04 14:56:09.000000000 +0100
+++ policykit-1-0.105/debian/changelog	2021-06-03 18:06:34.000000000 +0200
@@ -1,3 +1,13 @@
+policykit-1 (0.105-31) unstable; urgency=medium
+
+  [ Salvatore Bonaccorso ]
+  * d/p/CVE-2021-3560.patch:
+    Fix local privilege escalation involving
+    polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
+    (Closes: #989429)
+
+ -- Simon McVittie <smcv@debian.org>  Thu, 03 Jun 2021 17:06:34 +0100
+
 policykit-1 (0.105-30) unstable; urgency=medium
 
   [ Helmut Grohne ]
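Review bot: urgency=medium on the 0.105-31 entry sits oddly with a change the same entry describes as a local privilege escalation fix; if a shorter migration delay is wanted, urgency=high would state that in the upload itself. The entry could also say that the issue is present here because of the 0.113 patches backported in 0.105-26, as the request text does, so the changelog alone explains why a 0.105 package is affected.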
diff -Nru policykit-1-0.105/debian/patches/CVE-2021-3560.patch policykit-1-0.105/debian/patches/CVE-2021-3560.patch
--- policykit-1-0.105/debian/patches/CVE-2021-3560.patch	1970-01-01 01:00:00.000000000 +0100
+++ policykit-1-0.105/debian/patches/CVE-2021-3560.patch	2021-06-03 18:06:34.000000000 +0200
@@ -0,0 +1,22 @@
+Description: local privilege escalation using polkit_system_bus_name_get_creds_sync()
+Origin: upstream
+Bug: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
+Bug-Debian: https://bugs.debian.org/989429
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3560
+Forwarded: not-needed
+Author: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2021-06-03
+
+--- a/src/polkit/polkitsystembusname.c
++++ b/src/polkit/polkitsystembusname.c
+@@ -435,6 +435,9 @@ polkit_system_bus_name_get_creds_sync (PolkitSystemBusName           *system_bus
+   while (!((data.retrieved_uid && data.retrieved_pid) || data.caught_error))
+     g_main_context_iteration (tmp_context, TRUE);
+ 
++  if (data.caught_error)
++    goto out;
++
+   if (out_uid)
+     *out_uid = data.uid;
+   if (out_pid)
+
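Review bot: the new "if (data.caught_error) goto out;" after the g_main_context_iteration() loop is only a fix if the out: path reports failure to the caller, and the three lines of context do not show that label or the return value. Please confirm that polkit_system_bus_name_get_creds_sync() returns failure with the error set when data.caught_error is true, and that *out_uid and *out_pid stay unwritten on that path, since before this change the code fell through to "*out_uid = data.uid" with whatever data.uid held. On the header, "Origin: upstream" carries no commit reference; adding the upstream commit URL next to the Bug: link would let a reader compare this backport with the original. With "[ Tests ] None specifically", a note on how the error path was exercised would also help.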
diff -Nru policykit-1-0.105/debian/patches/series policykit-1-0.105/debian/patches/series
--- policykit-1-0.105/debian/patches/series	2021-02-04 14:56:09.000000000 +0100
+++ policykit-1-0.105/debian/patches/series	2021-06-03 18:06:34.000000000 +0200
@@ -60,3 +60,4 @@
 Move-D-Bus-policy-file-to-usr-share-dbus-1-system.d.patch
 Statically-link-libpolkit-backend1-into-polkitd.patch
 Remove-example-null-backend.patch
+CVE-2021-3560.patch
