Common Vulnerabilities and Exposures assigned an identifier CVE-2013-1764 to the following vulnerability: Name: CVE-2013-1764 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1764 Assigned: 20130219 Reference: http://www.openwall.com/lists/oss-security/2013/02/25/20 Reference: https://bugs.freedesktop.org/show_bug.cgi?id=61231 Reference: https://bugzilla.novell.com/show_bug.cgi?id=804983 Reference: https://gitorious.org/packagekit/packagekit/commit/d3d14631042237bcfe6fb30a60e59bb6d94af425 Reference: https://gitorious.org/packagekit/packagekit/source/NEWS Reference: SUSE:openSUSE-SU-2013:0889 Reference: http://lists.opensuse.org/opensuse-updates/2013-06/msg00026.html The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method. Zypper support is not compiled in to the versions of PackageKit in Red Hat Enterprise Linux and Fedora.
Statement: Not vulnerable. This issue did not affect the version of PackageKit in Red Hat Enterprise Linux, as Zypper support was not included.
Sorry for the Cc noise. I made a mistake when filing the bug