Candidate: CVE-2015-3256
PublicDate: 2015-10-26 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3256
 https://bugs.freedesktop.org/show_bug.cgi?id=69501
 https://bugzilla.redhat.com/show_bug.cgi?id=910262#c75
Description:
 PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of
 service (memory corruption and polkitd daemon crash) and possibly gain
 privileges via unspecified vectors, related to "javascript rule
 evaluation."
Ubuntu-Description:
Notes:
 sbeattie> likely need all the commits between 2015-06-18 and
   2015-06-19 plus 2015-06-23 to address issues
 sbeattie> note that this only affected policykit versions that used
   javscript via libmozjs, which none of the ubuntu versions do
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_policykit-1:
 upstream: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f
upstream_policykit-1: released (0.113)
precise_policykit-1: not-affected (no libmozjs)
trusty_policykit-1: not-affected (no libmozjs)
trusty/esm_policykit-1: not-affected (no libmozjs)
vivid_policykit-1: not-affected (no libmozjs)
devel_policykit-1: not-affected (no libmozjs)