PublicDateAtUSN: 2013-09-18
Candidate: CVE-2013-1061
PublicDate: 2013-10-03 21:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1061
 https://ubuntu.com/security/notices/USN-1960-1
Description:
 dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before
 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not
 properly use D-Bus for communication with a polkit authority, which allows
 local users to bypass intended access restrictions by leveraging a
 PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or
 (2) pkexec process, a related issue to CVE-2013-4288.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_software-properties:
upstream_software-properties: needs-triage
lucid_software-properties: ignored (reached end-of-life)
precise_software-properties: released (0.82.7.5)
quantal_software-properties: released (0.92.9.3)
raring_software-properties: released (0.92.17.3)
devel_software-properties: released (0.92.26)