Hi,

this issue got a CVE id:

CVE-2009-4144[0]:
| NetworkManager (NM) 0.7.2 does not ensure that the configured
| Certification Authority (CA) certificate file for a (1) WPA Enterprise
| or (2) 802.1x network remains present upon a connection attempt, which
| might allow remote attackers to obtain sensitive information or cause
| a denial of service (connectivity disruption) by spoofing the identity
| of a wireless network.

Unfortunately, the vulnerability described above is not important enough
to get it fixed via a regular security update in Debian stable and oldstable. It
does not warrant a DSA.

However, it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.


If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4144
    http://security-tracker.debian.org/tracker/CVE-2009-4144
[1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable



Attachment: signature.asc
Description: OpenPGP digital signature
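
An added example, not part of the original message and not NetworkManager's own code: a fail-closed pre-connection check for the condition the CVE text describes, where the configured CA certificate file is no longer present. It assumes keyfile-style profiles with an `[802-1x]` section and a `ca-cert` path key; the function names and sample profiles are constructed for illustration.

```python
import configparser
import os

def audit_profile(text, exists=os.path.isfile):
    """Return findings for one keyfile-style profile; an empty list means OK."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    if not cp.has_section("802-1x"):
        return []  # not a WPA Enterprise / 802.1x profile
    ca = cp.get("802-1x", "ca-cert", fallback="").strip()
    if not ca:
        return ["no ca-cert configured: server certificate cannot be validated"]
    # Assumption: the value is a plain path, optionally with a file:// prefix.
    path = ca[len("file://"):] if ca.startswith("file://") else ca
    if not exists(path):
        return ["ca-cert %s is missing: refuse to connect" % path]
    return []

def may_connect(text, exists=os.path.isfile):
    """Fail closed: only allow the attempt when the audit is clean."""
    return not audit_profile(text, exists)

# Constructed sample profiles (not taken from the original message).
PSK_PROFILE = """
[connection]
id=home
[wifi-security]
key-mgmt=wpa-psk
"""
EAP_PROFILE = """
[connection]
id=corp
[wifi-security]
key-mgmt=wpa-eap
[802-1x]
eap=peap;
identity=alice
ca-cert=/nonexistent/constructed-ca.pem
"""

if __name__ == "__main__":
    for name, prof in (("home", PSK_PROFILE), ("corp", EAP_PROFILE)):
        print(name, audit_profile(prof) or "ok")
```

The check belongs at connection time rather than only when the profile is saved, since the file can disappear between the two.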
