Your message dated Sun, 02 May 2010 14:10:00 +0000
with message-id <[email protected]>
and subject line Bug#519801: fixed in network-manager 0.6.4-6+etch1
has caused the Debian Bug report #519801,
regarding CVE-2009-0365, CVE-2009-0578
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
519801: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519801
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-applet
Version: 0.6.6-4
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for network-manager-applet:

CVE-2009-0365[1]:
The dbus request handler in (1) network-manager-applet and (2)
NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not
properly verify privileges, which allows local users to discover (a)
network connection passwords and (b) pre-shared keys via unspecified
queries.


CVE-2009-0578[2]:
network-manager-applet in Ubuntu 8.10 does not properly verify
privileges for dbus (1) modify and (2) delete requests, which allows
local users to change or remove the network connections of arbitrary
users via unspecified vectors. 


These are already fixed in unstable, but I guess this should be fixed in
stable as well.


[1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
[2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm82w4ACgkQNxpp46476ap+ywCfdgKlbQPrEDto0zx/YuEWQRfl
AnEAoIEp5CEhzHYO8Xmft4d8AjX/7hs6
=9LWP
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: network-manager
Source-Version: 0.6.4-6+etch1

We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive:

libnm-glib-dev_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb
libnm-glib0_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/libnm-glib0_0.6.4-6+etch1_i386.deb
libnm-util-dev_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb
libnm-util0_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/libnm-util0_0.6.4-6+etch1_i386.deb
network-manager-dev_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/network-manager-dev_0.6.4-6+etch1_i386.deb
network-manager-gnome_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_i386.deb
network-manager_0.6.4-6+etch1.diff.gz
  to main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz
network-manager_0.6.4-6+etch1.dsc
  to main/n/network-manager/network-manager_0.6.4-6+etch1.dsc
network-manager_0.6.4-6+etch1_i386.deb
  to main/n/network-manager/network-manager_0.6.4-6+etch1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated network-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 15 Dec 2009 23:31:58 +0100
Source: network-manager
Binary: libnm-util-dev network-manager-gnome network-manager-dev libnm-util0 
libnm-glib0 network-manager libnm-glib-dev
Architecture: source i386
Version: 0.6.4-6+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: Riccardo Setti <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description: 
 libnm-glib-dev - network management framework (GLib interface)
 libnm-glib0 - network management framework (GLib shared library)
 libnm-util-dev - network management framework (development files)
 libnm-util0 - network management framework (shared library)
 network-manager - network management framework daemon
 network-manager-dev - network management framework (development files)
 network-manager-gnome - network management framework (GNOME frontend)
Closes: 519801
Changes: 
 network-manager (0.6.4-6+etch1) oldstable-security; urgency=high
 .
   * debian/patches/13-CVE-2009-0365.patch
     - SECURITY: It was discovered that NetworkManager did not properly enforce
       permissions when responding to dbus requests. A local user could perform
       dbus queries to view system and user network connection passwords and
       pre-shared keys. (Closes: #519801)
       FIXES: CVE-2009-0365
Files: 
 9ca281c6a38a498e5735a9e8caa4b7bc 1034 net optional 
network-manager_0.6.4-6+etch1.dsc
 2d8ec8b17f85ee9aa9c0e04c63b98c3a 1079499 net optional 
network-manager_0.6.4.orig.tar.gz
 448d010bfa385c406fad97b0c9667731 20424 net optional 
network-manager_0.6.4-6+etch1.diff.gz
 2f6c0940ac4e34ba3aea0c8cbf76cf60 239640 net optional 
network-manager_0.6.4-6+etch1_i386.deb
 e925bac52eb8fad1bcdf7e14f6dbbc1e 371748 gnome optional 
network-manager-gnome_0.6.4-6+etch1_i386.deb
 1e07c7c7318b89b08f443fcc2fcc4ed1 112858 devel optional 
network-manager-dev_0.6.4-6+etch1_i386.deb
 f2bae719f42c8a30dcd3b7e8004b8d58 118136 libs optional 
libnm-glib0_0.6.4-6+etch1_i386.deb
 d38c510c9e0094529575917272e74b72 118530 libdevel optional 
libnm-glib-dev_0.6.4-6+etch1_i386.deb
 2c641df7d5ab4f100778795dce5ab9bb 123882 libs optional 
libnm-util0_0.6.4-6+etch1_i386.deb
 e00655f007c778143f3b33eb2618cf2a 126232 libdevel optional 
libnm-util-dev_0.6.4-6+etch1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkso8h0ACgkQh7PER70FhVSUJwCfU2XqAyR9L6smbmzW7unHrEoj
cBsAn2Nxg5TgBo3cjoGT4VfPetjGaLCA
=b96c
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to