[policykit-kde-agent-1] [Bug 498957] [CVE-2024-37408] Security attention for fingerprint
David Edmundson
bugzilla_noreply at kde.org
Tue Jan 21 15:11:16 GMT 2025
https://bugs.kde.org/show_bug.cgi?id=498957
David Edmundson <kde at davidedmundson.co.uk> changed:
What |Removed |Added
----------------------------------------------------------------------------
Ever confirmed|0 |1
CC| |kde at davidedmundson.co.uk
Status|REPORTED |CONFIRMED
--- Comment #2 from David Edmundson <kde at davidedmundson.co.uk> ---
Bug report is valid. Arguably if you have executable code that can launch
pkexec and manipulate window stacking order one could do a tonne of other
attacks anyway so not more urgent than the known state, but the known state
isn't exactly great.
Ultimately we need to be treating this auth dialog to be a fully blocking
system component, like how the lockscreen works.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Unassigned-bugs
mailing list