Diffstat (limited to 'debian/patches/CVE-2020-27349.patch')
-rw-r--r-- | debian/patches/CVE-2020-27349.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/debian/patches/CVE-2020-27349.patch b/debian/patches/CVE-2020-27349.patch
deleted file mode 100644
index 230ed4a..0000000
--- a/debian/patches/CVE-2020-27349.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 5d6e1ca82a07ef1739dfea20ad17f077ceccfdcf Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode <julian.klode@canonical.com>
-Date: Tue, 1 Dec 2020 12:25:00 +0100
-Subject: [PATCH] Check PolicyKit before simulating local install
- (CVE-2020-27349)
-
-Given that we are opening a deb here as root that is controlled
-by a non-root user, without any authorization, this is a whole
-lot of safety issues.
-
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1899193/
----
- aptdaemon/core.py | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/aptdaemon/core.py b/aptdaemon/core.py
-index 885b30b..6043b17 100644
---- a/aptdaemon/core.py
-+++ b/aptdaemon/core.py
-@@ -1073,6 +1073,8 @@ class Transaction(DBusObject):
- def _simulate_real(self):
- if self._simulated_cb:
- raise errors.TransactionAlreadySimulating()
-+ if self.role == enums.ROLE_INSTALL_FILE:
-+ yield self._check_auth()
- self.queue.worker.simulate(self)
- deferred = Deferred()
- if self._idle_watch is not None:
---
-2.29.2
- |