1
PublicDateAtUSN: 2013-09-18
2
Candidate: CVE-2013-1064
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1064
6
https://usn.ubuntu.com/usn/usn-1955-1
8
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1
9
does not properly use D-Bus for communication with a polkit authority,
10
which allows local users to bypass intended access restrictions by
11
leveraging a PolkitUnixProcess PolkitSubject race condition via a (1)
12
setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
20
Patches_apt-xapian-index:
21
upstream_apt-xapian-index: needs-triage
22
lucid_apt-xapian-index: ignored (reached end-of-life)
23
precise_apt-xapian-index: released (0.44ubuntu5.1)
24
quantal_apt-xapian-index: released (0.44ubuntu7.1)
25
raring_apt-xapian-index: released (0.45ubuntu2.1)
26
devel_apt-xapian-index: released (0.45ubuntu3)