Your message dated Sun, 18 Apr 2010 14:01:06 +0000
with message-id <[email protected]>
and subject line Bug#519801: fixed in network-manager-applet 0.6.6-4+lenny1
has caused the Debian Bug report #519801,
regarding CVE-2009-0365, CVE-2009-0578
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
519801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519801
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-applet
Version: 0.6.6-4
Severity: serious
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for network-manager-applet:
CVE-2009-0365[1]:
The dbus request handler in (1) network-manager-applet and (2)
NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not
properly verify privileges, which allows local users to discover (a)
network connection passwords and (b) pre-shared keys via unspecified
queries.
CVE-2009-0578[2]:
network-manager-applet in Ubuntu 8.10 does not properly verify
privileges for dbus (1) modify and (2) delete requests, which allows
local users to change or remove the network connections of arbitrary
users via unspecified vectors.
These are already fixed in unstable, but I guess this should be fixed in
stable as well.
[1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
[2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkm82w4ACgkQNxpp46476ap+ywCfdgKlbQPrEDto0zx/YuEWQRfl
AnEAoIEp5CEhzHYO8Xmft4d8AjX/7hs6
=9LWP
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: network-manager-applet
Source-Version: 0.6.6-4+lenny1
We believe that the bug you reported is fixed in the latest version of
network-manager-applet, which is due to be installed in the Debian FTP archive:
network-manager-applet_0.6.6-4+lenny1.diff.gz
to main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz
network-manager-applet_0.6.6-4+lenny1.dsc
to main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.dsc
network-manager-gnome_0.6.6-4+lenny1_i386.deb
to main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated network-manager-applet
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 15 Dec 2009 23:40:01 +0100
Source: network-manager-applet
Binary: network-manager-gnome
Architecture: source i386
Version: 0.6.6-4+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Utopia Maintenance Team
<[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description:
network-manager-gnome - network management framework (GNOME frontend)
Closes: 519801
Changes:
network-manager-applet (0.6.6-4+lenny1) stable-security; urgency=high
.
* debian/patches/10-CVE-2009-0365.patch
- SECURITY: It was discovered that NetworkManager did not properly enforce
permissions when responding to dbus requests. A local user could perform
dbus queries to view system and user network connection passwords and
pre-shared keys. (Closes: #519801)
FIXES: CVE-2009-0365
Checksums-Sha1:
598dfb6b99c968ad56692033b092f7d8f2d176f5 1734
network-manager-applet_0.6.6-4+lenny1.dsc
da572c48ae9ecb5c9ba61c0ed8fd06567dcbc4e3 781511
network-manager-applet_0.6.6.orig.tar.gz
7ddf6febdc947d7ddf4e2cb7daf6f22d52f8e2dc 8437
network-manager-applet_0.6.6-4+lenny1.diff.gz
eb67d943c67f6f83241409969784c55e4bd27a69 331344
network-manager-gnome_0.6.6-4+lenny1_i386.deb
Checksums-Sha256:
dd923cb6fc9b74a917eca4cf5e90fa32f36733f23a680ec3fc81d9d6ab43d939 1734
network-manager-applet_0.6.6-4+lenny1.dsc
8eb264d5838d1f9e2e507a570cb23dc54e11505023b71b6868cee31da2dff38d 781511
network-manager-applet_0.6.6.orig.tar.gz
851a66b459a8b7b563be893ce720d263dca83bed1b48c5ab6dc131554cb2b4bb 8437
network-manager-applet_0.6.6-4+lenny1.diff.gz
489667d7e3ff72e0e58a8094044e214ce0c817aff652c4b53fb5b8c6866aac58 331344
network-manager-gnome_0.6.6-4+lenny1_i386.deb
Files:
34200f4387757a3688c49c617bc09fc6 1734 gnome optional
network-manager-applet_0.6.6-4+lenny1.dsc
16e95a3515e4255d034b14045a9effd5 781511 gnome optional
network-manager-applet_0.6.6.orig.tar.gz
d5c7910fc754ef45eb7628f41e98023f 8437 gnome optional
network-manager-applet_0.6.6-4+lenny1.diff.gz
993767ed8f55910cced53c641074b338 331344 gnome optional
network-manager-gnome_0.6.6-4+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkso9cMACgkQh7PER70FhVQONQCfZ1Ua3rGzlLlOp9bojdEnyG9s
UskAniwtpHky7OMTYKRmtICRLMFHZRVa
=f8WP
-----END PGP SIGNATURE-----
--- End Message ---
