Your message dated Sun, 15 Mar 2009 12:26:11 +0100
with message-id <[email protected]>
and subject line Re: Bug#519801: CVE-2009-0365, CVE-2009-0578
has caused the Debian Bug report #519801,
regarding CVE-2009-0365, CVE-2009-0578
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
519801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519801
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-applet
Version: 0.6.6-4
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for network-manager-applet:
CVE-2009-0365[1]:
The dbus request handler in (1) network-manager-applet and (2)
NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not
properly verify privileges, which allows local users to discover (a)
network connection passwords and (b) pre-shared keys via unspecified
queries.
CVE-2009-0578[2]:
network-manager-applet in Ubuntu 8.10 does not properly verify
privileges for dbus (1) modify and (2) delete requests, which allows
local users to change or remove the network connections of arbitrary
users via unspecified vectors.
These are already fixed in unstable, but I guess this should be fixed in
stable as well.
[1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
[2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm82w4ACgkQNxpp46476ap+ywCfdgKlbQPrEDto0zx/YuEWQRfl
AnEAoIEp5CEhzHYO8Xmft4d8AjX/7hs6
=9LWP
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 0.7.0.99-1
* Giuseppe Iuculano <[email protected]> [2009-03-15 12:17]:
[...]
> These are already fixed in unstable, but I guess this should be fixed in
> stable as well.
>
> [1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
> [2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578
Please use appropriate tags & versions if you file bugs just
for stable.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpFyXJ6C0yuz.pgp
Description: PGP signature
--- End Message ---
