tags 680059 + pending
thanks

Dear maintainer,

Given the lack of response in the bug report and the risk of having the
package removed from wheezy, I've prepared an NMU based on Thomas's patch
(versioned as 0.4.13-1.2) and uploaded it to DELAYED/02.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
diff -Nru revelation-0.4.13/debian/changelog revelation-0.4.13/debian/changelog
--- revelation-0.4.13/debian/changelog	2012-08-17 13:45:41.000000000 +0200
+++ revelation-0.4.13/debian/changelog	2012-10-18 11:36:47.000000000 +0200
@@ -1,3 +1,11 @@
+revelation (0.4.13-1.2) unstable; urgency=high
+
+  * Non-maintainer upload.
+    - Add a new patch to fix CVE-2012-3818 (Closes: #680059). It just disables
+      the FPM exporter until it's properly fixep upstream.
+
+ -- Thomas Pierson <cont...@thomaspierson.fr>  Fri, 20 Jul 2012 12:12:24 +0200
+
 revelation (0.4.13-1.1) unstable; urgency=low
 
   * Non-maintainer upload.
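Review bot: The 0.4.13-1.2 entry says the patch "just disables the FPM exporter", but the fpm.py change shipped in this same debdiff also sets importer and encryption to False, so the changelog under-describes what users lose. List all three attributes in the entry, or narrow the patch to the exporter. In the same entry "fixep" should read "fixed", and the trailer date (20 Jul 2012) predates the file timestamp in the diff header (2012-10-18); refresh it if the entry was edited for this upload.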
diff -Nru revelation-0.4.13/debian/patches/fix-fpm-exporter-doesnt-encrypt-password-files.patch revelation-0.4.13/debian/patches/fix-fpm-exporter-doesnt-encrypt-password-files.patch
--- revelation-0.4.13/debian/patches/fix-fpm-exporter-doesnt-encrypt-password-files.patch	1970-01-01 01:00:00.000000000 +0100
+++ revelation-0.4.13/debian/patches/fix-fpm-exporter-doesnt-encrypt-password-files.patch	2012-10-18 11:34:06.000000000 +0200
@@ -0,0 +1,24 @@
+Description: Fix FPM exporter doesn't encrypt password files
+  FPM exporter does not seem to work correcty and this introduce a security issue.
+  .
+  Upstream plan to fix the FPM exporter soon but meantime it is better to disable it.
+Author: Thomas Pierson
+Forwarded: https://bitbucket.org/erikg/revelation/issue/78/fpm-exporter-doesnt-encrypt-password-files
+Bug-Debian: http://bugs.debian.org/680059
+
+---
+--- a/src/lib/datahandler/fpm.py
++++ b/src/lib/datahandler/fpm.py
+@@ -38,9 +38,9 @@
+ 	"Data handler for Figaro's Password Manager data"
+ 
+ 	name		= "Figaro's Password Manager"
+-	importer	= True
+-	exporter	= True
+-	encryption	= True
++	importer	= False
++	exporter	= False
++	encryption	= False
+ 
+ 
+ 	def __init__(self):
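Review bot: The embedded fpm.py hunk flips importer and encryption to False along with exporter, while the Description, the patch file name and the forwarded upstream issue are all about the exporter not encrypting files. If reading FPM files is not affected, keep importer = True so users can still migrate existing FPM data, and say in the Description what the encryption attribute controls and why it changes; otherwise state there that import is disabled on purpose. The Description text also needs "correctly" and "this introduces".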
diff -Nru revelation-0.4.13/debian/patches/series revelation-0.4.13/debian/patches/series
--- revelation-0.4.13/debian/patches/series	2012-06-08 11:31:25.000000000 +0200
+++ revelation-0.4.13/debian/patches/series	2012-10-18 11:34:06.000000000 +0200
@@ -1,3 +1,4 @@
+fix-fpm-exporter-doesnt-encrypt-password-files.patch
 060_crash_at_save.dpatch
 #130_tooltip_deprecation.dpatch
 010-icons.patch
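Review bot: The new patch is inserted as the first line of debian/patches/series, ahead of 060_crash_at_save.dpatch and 010-icons.patch. Patches are applied in series order, so appending the new entry at the end of the file keeps the existing patches applying against the same base as before; unless the ordering is deliberate, move the line to the bottom.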
