Overview

File _patchinfo of Package patchinfo.6684

<patchinfo incident="6684">
  <issue id="1032717" tracker="bnc">VUL-0: CVE-2017-7572: backintime: usage of deprecated unix-process polkit authorization subject opens a race condition during authorization</issue>
  <issue id="1007723" tracker="bnc">AUDIT-0: backintime: DBus service helper security review</issue>
  <issue id="2017-7572" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>MasterPatricko</packager>
  <description>
This update for backintime to version 1.1.20 fixes several issues.

These security issues were fixed:

- CVE-2017-7572: The _checkPolkitPrivilege function in serviceHelper.py in backintime used a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use) (bsc#1032717).
- Don't store passwords given to polkit helper
- boo#1007723: General security hardening measures 

These non-security issues were fixed:

- Delete udev configuration files on uninstall
- Merge doc subpackage into main package
</description>
  <summary>Security update for backintime</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places