policykit-1 - Debian Package Tracker

general

source: policykit-1 (main)
version: 127-3
maintainer: Utopia Maintenance Team (archive) (DMD)
uploaders: Martin Pitt [DMD] – Michael Biebl [DMD] – Simon McVittie [DMD] – Luca Boccassi [DMD]
arch: all any
std-ver: 4.7.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.105-31+deb11u1
o-o-sec: 0.105-31+deb11u2
oldstable: 122-3
stable: 126-2
testing: 127-2
unstable: 127-3

versioned links

0.105-31+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.105-31+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
122-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
126-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
127-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
127-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-polkit-1.0
libpolkit-agent-1-0
libpolkit-agent-1-dev
libpolkit-gobject-1-0
libpolkit-gobject-1-dev
pkexec (2 bugs: 0, 2, 0, 0)
policykit-1-doc
polkitd (4 bugs: 0, 4, 0, 0)

action needed

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2026-4897: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

Created: 2026-03-27 Last update: 2026-04-29 12:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-4897: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

Created: 2026-03-27 Last update: 2026-04-29 12:30

2 security issues in bookworm high

There are 2 open security issues in bookworm.

1 important issue:

CVE-2026-4897: A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system.

1 ignored issue:

CVE-2016-2568: pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Created: 2023-06-10 Last update: 2026-04-29 12:30

Depends on packages which need a new maintainer normal

The packages that policykit-1 depends on which need a new maintainer are:

xml-core (#660687)
- Depends: xml-core
- Build-Depends: xml-core
docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2022-10-13 Last update: 2026-04-30 13:30

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 127-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 676da35996c7f4c1f94cee7e96899307282badde
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Tue Apr 28 13:48:43 2026 +0200

    Update debian/changelog

commit e4572b0413f90063e49fee495774f290ff5f48e8
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Tue Apr 28 13:44:15 2026 +0200

    Actually include the patch as well.
    
    Gbp-Dch: ignore

commit f1d838baae142f0e35ea1249ddbc47103ea1af7c
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Tue Apr 28 13:40:51 2026 +0200

    Add patch to fix build on hurd (ucred)

commit 66e1058149ec9b431056df1090c76e81b4774f4b
Author: Andreas Henriksson <andreas@fatal.se>
Date:   Tue Apr 28 12:57:09 2026 +0200

    Only build-dep selinux on linux-any
    
    Apparently the lintian advice was a trap.

Created: 2026-04-28 Last update: 2026-04-30 11:00

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-04-28 Last update: 2026-04-28 03:31

debian/patches: 1 patch to forward upstream low

Among the 1 debian patch available in version 127-3 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2026-04-28 Last update: 2026-04-28 09:30

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-02-10 Last update: 2026-02-10 14:00

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.3).

Created: 2026-03-31 Last update: 2026-04-27 21:15

testing migrations

excuses:
- Migration status for policykit-1 (127-2 to 127-3): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Autopkgtest for fwupd/2.1.1-2: amd64: Pass ♻, arm64: Pass ♻, ppc64el: Pass ♻
- ∙ ∙ Autopkgtest for gdm3/49.2-4: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Regression ♻ (reference ♻)
- ∙ ∙ Autopkgtest for policykit-1/127-3: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Autopkgtest for runit/2.3.1-2: amd64: Failed (not a regression) ♻ (reference ♻), arm64: Pass, i386: Regression ♻ (reference ♻), ppc64el: Reference test triggered, but real test failed already ♻, riscv64: Regression ♻ (reference ♻), s390x: Reference test triggered, but real test failed already ♻
- ∙ ∙ Autopkgtest for systemd/260.1-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Autopkgtest for upower/1.91.2-1: amd64: Pass, arm64: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Test triggered
- ∙ ∙ Too young, only 2 of 5 days old
- Additional info (not blocking):
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/p/policykit-1.html
- ∙ ∙ Reproduced on amd64
- ∙ ∙ Reproduced on arm64
- ∙ ∙ Reproduced on armhf
- ∙ ∙ Reproduced on i386
- ∙ ∙ Reproduced on ppc64el
- Not considered

news

[rss feed]

[2026-04-29] Accepted policykit-1 0.105-31+deb11u2 (source) into oldoldstable-security (Andreas Henriksson)
[2026-04-27] Accepted policykit-1 127-3 (source) into unstable (Andreas Henriksson)
[2026-02-18] policykit-1 127-2 MIGRATED to testing (Debian testing watch)
[2026-02-09] Accepted policykit-1 127-2 (source) into unstable (Luca Boccassi)
[2025-12-20] policykit-1 127-1 MIGRATED to testing (Debian testing watch)
[2025-12-17] Accepted policykit-1 127-1 (source) into unstable (Luca Boccassi)
[2025-01-20] policykit-1 126-2 MIGRATED to testing (Debian testing watch)
[2025-01-17] Accepted policykit-1 126-2 (source) into unstable (Michael Biebl)
[2025-01-16] policykit-1 126-1 MIGRATED to testing (Debian testing watch)
[2025-01-13] Accepted policykit-1 126-1 (source) into unstable (Luca Boccassi)
[2024-08-12] policykit-1 125-2 MIGRATED to testing (Debian testing watch)
[2024-08-08] Accepted policykit-1 125-2 (source) into unstable (Luca Boccassi)
[2024-08-08] Accepted policykit-1 125-1 (source) into unstable (Luca Boccassi)
[2024-07-09] policykit-1 124-3 MIGRATED to testing (Debian testing watch)
[2024-07-04] Accepted policykit-1 124-3 (source) into unstable (Michael Biebl)
[2024-05-06] policykit-1 124-2 MIGRATED to testing (Debian testing watch)
[2024-03-16] Accepted policykit-1 124-2 (source) into unstable (Simon McVittie)
[2024-01-23] policykit-1 124-1 MIGRATED to testing (Debian testing watch)
[2024-01-21] Accepted policykit-1 124-1 (source) into unstable (Luca Boccassi)
[2023-10-24] policykit-1 123-3 MIGRATED to testing (Debian testing watch)
[2023-10-20] Accepted policykit-1 123-3 (source) into unstable (Simon McVittie)
[2023-10-19] Accepted policykit-1 123-2 (source) into unstable (Simon McVittie)
[2023-08-05] policykit-1 123-1 MIGRATED to testing (Debian testing watch)
[2023-08-02] Accepted policykit-1 123-1 (source) into unstable (Simon McVittie)
[2023-06-21] policykit-1 122-4 MIGRATED to testing (Debian testing watch)
[2023-06-12] Accepted policykit-1 122-4 (source) into unstable (Simon McVittie)
[2023-02-03] policykit-1 122-3 MIGRATED to testing (Debian testing watch)
[2023-01-31] Accepted policykit-1 122-3 (source) into unstable (Simon McVittie)
[2023-01-23] policykit-1 122-2 MIGRATED to testing (Debian testing watch)
[2023-01-20] Accepted policykit-1 122-2 (source) into unstable (Simon McVittie)

bugs [bug history graph]

all: 21 23
RC: 0
I&N: 20 22
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
l10n (-, 99)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 127-2ubuntu1
78 bugs (2 patches)
patches for 127-2ubuntu1