diff -Nru acpi-support-0.140.1/debian/changelog acpi-support-0.140.2/debian/changelog
--- acpi-support-0.140.1/debian/changelog 2012-10-09 06:40:06.000000000 -0400
+++ acpi-support-0.140.2/debian/changelog 2014-07-14 08:36:16.000000000 -0400
@@ -1,3 +1,13 @@
+acpi-support (0.140.2) precise-security; urgency=medium
+
+ * SECURITY UPDATE: root escalation via race in policy-funcs (LP: #1340812)
+ - lib/policy-funcs: use the X console user instead of the one from an
+ arbitrary kded4 process.
+ - power.sh: also source /usr/share/acpi-support/power-funcs.
+ - CVE-2014-1419
+
+ -- Marc Deslauriers Mon, 14 Jul 2014 08:32:07 -0400
+
 acpi-support (0.140.1) precise-proposed; urgency=low
 * asus-touchpad.sh: Don't handle Synaptics devices. (LP: #804109)
diff -Nru acpi-support-0.140.1/lib/policy-funcs acpi-support-0.140.2/lib/policy-funcs
--- acpi-support-0.140.1/lib/policy-funcs 2012-09-13 09:24:39.000000000 -0400
+++ acpi-support-0.140.2/lib/policy-funcs 2014-07-14 11:37:06.000000000 -0400
@@ -19,14 +19,17 @@
 }
 PowerDevilRunning() {
- test -x /usr/bin/dbus-send || return 1
-
- for p in $(pidof kded4); do
- test -r /proc/$p/environ || continue
- local DBUS_SESS=$(cat /proc/$p/environ | grep -z "DBUS_SESSION_BUS_ADDRESS=")
- test "$DBUS_SESS" != "" || continue
- (su - $(ps -o user= $p) -c "$DBUS_SESS dbus-send --print-reply --dest=org.kde.kded /kded org.kde.kded.loadedModules" | grep -q powerdevil) && return 0
- done
+ local user=
+ getXconsole
+ if test "$user" != "" && test -x /usr/bin/dbus-send; then
+ kded4pid=$(pgrep -n -u $user kded4)
+ if test "$kded4pid" != ""; then
+ local DBUS_SESS=$(su - $user -c "grep -z DBUS_SESSION_BUS_ADDRESS /proc/$kded4pid/environ")
+ if test "$DBUS_SESS" != "" && su - $user -c "export \"$DBUS_SESS\"; dbus-send --print-reply --dest=org.kde.kded /kded org.kde.kded.loadedModules" | grep -q powerdevil; then
+ return 0
+ fi
+ fi
+ fi
 return 1
 }
diff -Nru acpi-support-0.140.1/power.sh acpi-support-0.140.2/power.sh
--- acpi-support-0.140.1/power.sh 2012-09-13 09:24:39.000000000 -0400
+++ acpi-support-0.140.2/power.sh 2014-07-14 08:21:56.000000000 -0400
@@ -2,6 +2,7 @@
 test -f /usr/share/acpi-support/key-constants || exit 0
+. /usr/share/acpi-support/power-funcs
 . /usr/share/acpi-support/policy-funcs
 if [ -z "$*" ] && ( [ `CheckPolicy` = 0 ] || CheckUPowerPolicy ); then
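Review bot: In the added `local DBUS_SESS=$(su - $user -c "grep -z DBUS_SESSION_BUS_ADDRESS /proc/$kded4pid/environ")` line the pattern is unanchored, so any environ entry that merely contains that text is captured and then pasted into the second `su - $user -c "export \"$DBUS_SESS\"; …"` command string, where a `"` or `$(…)` in it is parsed as shell. Both commands run as `$user` rather than root, which bounds the impact, but anchoring the match as `grep -z '^DBUS_SESSION_BUS_ADDRESS='` keeps unrelated entries out of that string. `kded4pid` is assigned without `local`, so it leaks into every script that sources policy-funcs, and `$user` is unquoted in `pgrep -n -u $user kded4` and in both `su` calls; `local user= kded4pid=` and `"$user"` would tighten this. `getXconsole` is defined outside this hunk, so what it can place in `user` is not visible here.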
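Review bot: The new `. /usr/share/acpi-support/power-funcs` line carries an undocumented dependency: `PowerDevilRunning` in lib/policy-funcs now calls `getXconsole`, and this line is what supplies it for power.sh. Any other script that sources policy-funcs without power-funcs would leave `user` empty and get `return 1` from `PowerDevilRunning`; whether such callers exist is not visible in this diff. A comment above the new line, `# power-funcs provides getXconsole, used by PowerDevilRunning in policy-funcs`, would record the coupling, or policy-funcs could source power-funcs itself so callers cannot miss it.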