| Release | Version |
|---|---|
| stretch | 1.1.5-2+deb9u1 |
| stretch (security) | 1.1.5-2+deb9u2 |
| buster | 1.1.12-5 |
| bullseye | 1.2.2-2 |
| bookworm | 1.2.5-3 |
| sid | 1.2.5-3 |
| Bug | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2022-0987 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | PackageKit: Information Disclosure in Transaction Interface via timing |
| CVE-2020-16122 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | PackageKit's apt backend mistakenly treated all local debs as trusted. ... |
| CVE-2020-16121 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | PackageKit provided detailed error messages to unprivileged callers th ... |
| Bug | Description |
|---|---|
| TEMP-0678189-8A5546 | packagekit insecure temp file |
| CVE-2018-1106 | An authentication bypass flaw has been found in PackageKit before 1.1. ... |
| CVE-2013-1764 | The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local ... |
| CVE-2011-2515 | PackageKit 0.6.17 allows installation of unsigned RPM packages as thou ... |
| DSA / DLA | Description |
|---|---|
| DLA-2399-1 | packagekit - security update |
| DSA-4207-1 | packagekit - security update |