Package: policykit-1 / 0.105-15~deb8u2

0.113/README-Note-to-send-security-reports-via-DBus-s-mech.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
From: Colin Walters <walters@verbum.org>
Date: Thu, 4 Jun 2015 08:41:36 -0400
Subject: README: Note to send security reports via DBus's mechanism

This avoids duplicating effort.

Origin: upstream, 0.113, commit:ccec766c509d16dab417582e94f43d906cefd4ae
---
 README | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/README b/README
index b075162..0723002 100644
--- a/README
+++ b/README
@@ -22,6 +22,22 @@ To verify the authenticity of the compressed tarball, use this command
 BUGS and DEVELOPMENT
 ====================
 
-Please report bugs via the freedesktop.org bugzilla at
+Please report non-security bugs via the freedesktop.org bugzilla at
 
  https://bugs.freedesktop.org/enter_bug.cgi?product=PolicyKit
+
+SECURITY ISSUES
+===============
+
+polkit uses the same mechanism for reporting security issues as dbus,
+the most recent copy of instructions can be found in the DBus git
+repository:
+
+http://cgit.freedesktop.org/dbus/dbus/tree/HACKING
+
+A copy of the instructions as of 2015-06-04:
+
+If you find a security vulnerability that is not known to the public,
+please report it privately to dbus-security@lists.freedesktop.org
+or by reporting a freedesktop.org bug that is marked as
+restricted to the "D-BUS security group".