- Package:
- release.debian.org
- Source:
- release.debian.org
- Submitter:
- Andreas Henriksson
- Date:
- 2026-05-23 10:09:05 UTC
- Severity:
- normal
- Tags:
[ Reason ] I'd like to fix an outstanding CVE that security-team tagged no-dsa which is already fixed in bullseye, trixie/stable, testing & unstable. [ Impact ] An unprivileged local user can modify the active firewall rules. [ Tests ] https://debusine.debian.net/debian/developers/work-request/708125/ [ Risks ] The change fixes the dbus access policy and should have no other affect outside of dbus access to firewalld. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Fix dbus access to 2 methods. [ Other info ] none
Hi, Please go ahead. Thanks,
package release.debian.org tags 1137166 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: firewalld Version: 1.3.3-1~deb12u2 Explanation: fix dbus policy checking [CVE-2026-4948]
package release.debian.org tags 1137166 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: firewalld Version: 1.3.3-1~deb12u2 Explanation: fix dbus policy checking [CVE-2026-4948]