Security update for backintime
This update for backintime to version 1.1.20 fixes several issues.
These security issues were fixed:
- CVE-2017-7572: The _checkPolkitPrivilege function in serviceHelper.py in backintime used a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use) (bsc#1032717).
- Don't store passwords given to polkit helper
- boo#1007723: General security hardening measures
These non-security issues were fixed:
- Delete udev configuration files on uninstall
- Merge doc subpackage into main package
-
Submitted by
Tejas Guruswamy (MasterPatricko)
Fixed bugs
bnc#1032717
VUL-0: CVE-2017-7572: backintime: usage of deprecated unix-process polkit authorization subject opens a race condition during authorization
bnc#1007723
AUDIT-0: backintime: DBus service helper security review
