Comment 14 for bug 1617617

This bug was fixed in the package firewalld - 0.4.0-1ubuntu0.1

---------------
firewalld (0.4.0-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Any logged in user could modify passthrough rules
    and set ipset entries (LP: #1617617)
    - debian/patches/CVE-2016-5410.patch: Enforce appropriate PolicyKit
      authentication requirements, based on upstream 0.4.3.3 commit
    - CVE-2016-5410

 -- Lucas Kocia <email address hidden> Wed, 25 Oct 2017 21:03:52 -0400