Bug#843645: marked as done (Username unconditionally checked)

Mon, 21 Nov 2016 13:21:35 -0800 

Your message dated Mon, 21 Nov 2016 21:18:25 +0000
with message-id <[email protected]>
and subject line Bug#843645: fixed in ring 20161116.1.e59aaa5~dfsg1-1
has caused the Debian Bug report #843645,
regarding Username unconditionally checked
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
843645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=843645
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: ring
Version: 20161104.4.17a0616~dfsg1-2
Severity: important

Dear maintainer,

by clicking on "Create Ring Account" the system account username is
automatically checked for availability. In this window there is no
statement, that this is performed locally and nothing is sent away,
thus it is a security leak.

And indeed, wireshark reveals that the check is a simple (even not
encrypted) HTTP GET request, e.g. http://ns.ring.cx/name/123
Hopefully, Savoir-faire Linux will setup https soon?

Please, disable this check for now. For a real fix, I'd suggest to
introduce a button ("check now") instead. Additionally, a key press
handler should be registered for the TextEntry widget in order to
quickly check the name (typed/enter/altered/enter/altered/enter/...).

Thanks,
Andrey

--- End Message ---
--- Begin Message --- 
Source: ring
Source-Version: 20161116.1.e59aaa5~dfsg1-1

We believe that the bug you reported is fixed in the latest version of
ring, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alexandre Viau <[email protected]> (supplier of updated ring package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 21 Nov 2016 14:14:10 -0500
Source: ring
Binary: ring ring-daemon
Architecture: source amd64
Version: 20161116.1.e59aaa5~dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <[email protected]>
Changed-By: Alexandre Viau <[email protected]>
Description:
 ring       - Secure and distributed voice, video and chat platform - desktop c
 ring-daemon - Secure and distributed voice, video and chat platform - daemon
Closes: 843645
Changes:
 ring (20161116.1.e59aaa5~dfsg1-1) unstable; urgency=medium
 .
   * New upstream snapshot
   * No longer leak system user by default (Closes: #843645)
Checksums-Sha1:
 dc06afced6d6dbe5217b993511af68ff78d4ff4d 2991 
ring_20161116.1.e59aaa5~dfsg1-1.dsc
 5eb6034aa2a3e858577970a093afbbbcd6bd83a1 7048429 
ring_20161116.1.e59aaa5~dfsg1.orig.tar.gz
 f973cd00cd5a616ba5f323a521af0fda0811bb70 10396 
ring_20161116.1.e59aaa5~dfsg1-1.debian.tar.xz
 9d2d87435532e2ea7430a7f1b632e471bc3e96b0 20199196 
ring-daemon-dbgsym_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 400d78866dbb5938fcb961949ca228b97a99720b 1422594 
ring-daemon_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 ad2726c84f88548278abf7c336ed9cc6e59ee22d 24141684 
ring-dbgsym_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 41cc2cabfd8cdc605d5f72246ce2c85123e9d509 22055 
ring_20161116.1.e59aaa5~dfsg1-1_amd64.buildinfo
 79db372ef286c450183b13bb9cc6e77e1d34a0a1 1250824 
ring_20161116.1.e59aaa5~dfsg1-1_amd64.deb
Checksums-Sha256:
 d3209f9d62817e87db5af475c10b17290ada070a76936e9d4171ef4e87d59381 2991 
ring_20161116.1.e59aaa5~dfsg1-1.dsc
 5fe724fe39370fbd9123730ffb8715844593f39885c5cb5aa01d1ded68c933b0 7048429 
ring_20161116.1.e59aaa5~dfsg1.orig.tar.gz
 2f4a03ae4796f80da77e6bb1c444dc5d51ffe7e427358a9470c2ce313cc2230b 10396 
ring_20161116.1.e59aaa5~dfsg1-1.debian.tar.xz
 d98a5ec5c100df51f685e64c3958ce9d0e6885987bbdcba16c8455e002d8a990 20199196 
ring-daemon-dbgsym_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 607e7606f12da946f320fa031f0431ec21a7d9d025cf38ff77285befc2fe8901 1422594 
ring-daemon_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 f470b6f4b21c97a850514455ccdf083f873f05cd0ede12743b40694b5ed45446 24141684 
ring-dbgsym_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 3116ca4301b34fe90cae3bf1678510511d0474e94ca733f78fab2719da3bd847 22055 
ring_20161116.1.e59aaa5~dfsg1-1_amd64.buildinfo
 bfc4d5eae999165d692da42f6552accb41f1a7d65b3f5664da99fbdec58991e7 1250824 
ring_20161116.1.e59aaa5~dfsg1-1_amd64.deb
Files:
 2034f78c5e3debf98fa429617f1b7b2c 2991 comm extra 
ring_20161116.1.e59aaa5~dfsg1-1.dsc
 5652bb3e805678827f590e5a5e317ad3 7048429 comm extra 
ring_20161116.1.e59aaa5~dfsg1.orig.tar.gz
 0e7bc8e9019865615d6082d600e76a1e 10396 comm extra 
ring_20161116.1.e59aaa5~dfsg1-1.debian.tar.xz
 537877295d575875d9109dce986ca70f 20199196 debug extra 
ring-daemon-dbgsym_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 eeb16f863004153abdcd13fb77443482 1422594 comm extra 
ring-daemon_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 ff7126932c409671b8f20eb32aae5ded 24141684 debug extra 
ring-dbgsym_20161116.1.e59aaa5~dfsg1-1_amd64.deb
 31da9ac488fa4f8d5346c1f995dd4103 22055 comm extra 
ring_20161116.1.e59aaa5~dfsg1-1_amd64.buildinfo
 2d0a2d41c87ace78fddd0279fddb3962 1250824 comm extra 
ring_20161116.1.e59aaa5~dfsg1-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEB0B3ii38SjnAyLyMjysRPGU1xacFAlgzVgERHGF2aWF1QGRl
Ymlhbi5vcmcACgkQjysRPGU1xaf25A//aig4N2h67jIaoW+H7mI5GOEN4fv5vmHC
uKFCXjNL07HHc4T4vXYS+vRJU+mqBzMUAJchVL+y6fLYJsVpqsx05bs0G27w9HFi
U2b6phtQ5H2nXpjwYlVN+PhIOfssMS/0H/aOgpVqBQpP0jQbGl2rSb3dIilpN/cJ
I3xKwhh4pp9kurAPg4FhA3H78yAiAggOzAplIV679yq2OH72WeB1DQIy8pBog8LG
jAn0hSexM+o+aMB5TqEXlZ/sjPmchw0EaTcB3nstvZNRi1hfiRHS/G0kmZNY9jjt
DUEEJmM+wBrSAnXryFBGJEB27NmgjqGYhsRzwMqouGt/n8jQK3NwmuPeeGlfQU1Y
QCEPd6p2GdBY9AzH21H9ucfkk6J8xWAUMoR8Iilg1QVP1aXaj+ZaK4+COWgMxAMh
+HrKNTGegUketBA5CfdBExWUApAGj2/b9ux/h2KjLVtz3VDBcQjbIW2RFrDKEZ6c
sU4kk3RoHGObCtmCwxFB8brVwZyCYiSxWczQqgQZJgE4veazHaLloGG9U7lYspcN
8/Hk9T5anYWVV7FBaxXqzl7Zmqj4yN1CuBIhLAs9TUKAXTkhWUQ+XRi0pMtQSHl4
Vv25VPzFxUAKEpd1CouTajntOmIiTrVZcxHHoiQ1D/BQ7cY7x55YafgmOjOuXl+T
tO0DPvg45IM=
=p/oR
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to