Bug 35439 - acpi-support: Privilege escalation (3.2)
acpi-support: Privilege escalation (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P3 normal (vote)
: UCS 3.2-7-errata
Assigned To: Stefan Gohmann
Felix Botner
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-07-23 08:21 CEST by Moritz Muehlenhoff
Modified: 2015-09-09 11:31 CEST (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-07-23 08:21:43 CEST
CVE-2014-1419

Privilege escalation in policy-funcs
Comment 1 Stefan Gohmann univentionstaff 2015-08-29 20:28:40 CEST
acpi-support 0.137-5+deb6u2 from sqeeze-lts has been imported. It also fixes CVE-2014-1419 and CVE-2014-0484.

YAML: 2015-08-29-acpi-support.yaml
Comment 2 Felix Botner univentionstaff 2015-09-03 19:18:56 CEST
FAIL - this package is unmaintained, do we announce security updates
       for unmaintained packages?

OK - version 0.137-5+deb6u2 in errata3.2-5
OK - CVE-2014-1419
OK - CVE-2014-0484
OK - YAML
Comment 3 Stefan Gohmann univentionstaff 2015-09-03 20:33:56 CEST
(In reply to Felix Botner from comment #2)
> FAIL - this package is unmaintained, do we announce security updates
>        for unmaintained packages?

At least it doesn't hurt.
Comment 4 Felix Botner univentionstaff 2015-09-04 12:25:04 CEST
OK
Comment 5 Janek Walkenhorst univentionstaff 2015-09-09 11:31:15 CEST
<http://errata.software-univention.de/ucs/3.2/364.html>