Your message dated Fri, 06 Jan 2012 00:21:20 +0000
with message-id <[email protected]>
and subject line Bug#631422: fixed in turpial 1.6.7-1+ds1-1
has caused the Debian Bug report #631422,
regarding does not use SSL on identi.ca / ignores SSL certificates on Twitter
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
631422: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631422
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: turpial
Version: 1.5.0-1
Severity: grave
Tags: security
Hi,
Inspired by the same bug in gwibber
(https://bugs.launchpad.net/gwibber/+bug/705363),
heybuddy (https://bugs.launchpad.net/heybuddy/+bug/798300) and pino
(http://code.google.com/p/pino-twitter/issues/detail?id=339) I checked turpial
and it failed the same way :(
For identi.ca HTTPS is not even used (username/password are sent as plaintext
to the server). Editing api/protocols/identica/identica.py to use
https://identi.ca/api as API endpoint does not help much, SSL is used but
certificates aren't checked, making man in the middle attacks possible.
For Twitter HTTPS is used, but the same no-cert-verify flaw applies here.
regards
Evgeni Golov
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-rc3+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages turpial depends on:
ii gstreamer0.10-plugins-base 0.10.34-1 GStreamer plugins from the "base"
ii python 2.6.6-14 interactive high-level object-orie
ii python-gst0.10 0.10.21-2+b1 generic media-playing framework (P
ii python-gtk2 2.24.0-2 Python bindings for the GTK+ widge
ii python-gtkspell 2.25.3-10 Python bindings for the GtkSpell l
ii python-notify 0.1.1-2+b3 Python bindings for libnotify
ii python-oauth 1.0.1-3 Python library implementing of the
ii python-pkg-resources 0.6.16-1 Package Discovery and Resource Acc
ii python-simplejson 2.1.6-1 simple, fast, extensible JSON enco
ii python-webkit 1.1.8-2 WebKit/Gtk Python bindings
ii python2.6 2.6.7-1 An interactive high-level object-o
ii python2.7 2.7.2-1 An interactive high-level object-o
turpial recommends no packages.
turpial suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: turpial
Source-Version: 1.6.7-1+ds1-1
We believe that the bug you reported is fixed in the latest version of
turpial, which is due to be installed in the Debian FTP archive:
turpial_1.6.7-1+ds1-1.debian.tar.gz
to main/t/turpial/turpial_1.6.7-1+ds1-1.debian.tar.gz
turpial_1.6.7-1+ds1-1.dsc
to main/t/turpial/turpial_1.6.7-1+ds1-1.dsc
turpial_1.6.7-1+ds1-1_all.deb
to main/t/turpial/turpial_1.6.7-1+ds1-1_all.deb
turpial_1.6.7-1+ds1.orig.tar.gz
to main/t/turpial/turpial_1.6.7-1+ds1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Miguel Landaeta <[email protected]> (supplier of updated turpial package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 05 Jan 2012 18:37:32 -0430
Source: turpial
Binary: turpial
Architecture: source all
Version: 1.6.7-1+ds1-1
Distribution: unstable
Urgency: high
Maintainer: Miguel Landaeta <[email protected]>
Changed-By: Miguel Landaeta <[email protected]>
Description:
turpial - Light, fast, and fully functional Twitter client written in Pytho
Closes: 631422
Changes:
turpial (1.6.7-1+ds1-1) unstable; urgency=high
.
* New upstream release. (Closes: #631422).
* Include patch to set path of SSL CA certificates.
* Update watch file.
Checksums-Sha1:
9031327370be4618699d354e484670dbc7f007d4 2065 turpial_1.6.7-1+ds1-1.dsc
a78b73d14ad845fb895b2fbed7f554dd9aad89a3 692469 turpial_1.6.7-1+ds1.orig.tar.gz
ea829eaa337395f1baf43a34c5f1a670f0232a45 4814
turpial_1.6.7-1+ds1-1.debian.tar.gz
1d6c47ad4d36733b069c1f325b4d4ffc094cfd51 681824 turpial_1.6.7-1+ds1-1_all.deb
Checksums-Sha256:
0b72e13dcbbe7c06edbcd1823b98071ddba3f34751d8f9458bd9de04ffface63 2065
turpial_1.6.7-1+ds1-1.dsc
2aa860e5175cae0a0cc23901074aca36d55ea64f56359fdc7e727869928323a7 692469
turpial_1.6.7-1+ds1.orig.tar.gz
62b0ccc9f37f720d0b1764b0663fb634a851384745b3c4851395e82f33644f63 4814
turpial_1.6.7-1+ds1-1.debian.tar.gz
baa679f7cc61c926854be963c0b89b2015b472edb32e2c152e2f520fcddf1194 681824
turpial_1.6.7-1+ds1-1_all.deb
Files:
9dcffe21100eb6e81719abd7cf15402a 2065 python optional turpial_1.6.7-1+ds1-1.dsc
292f16253b884cfba25b625d68886189 692469 python optional
turpial_1.6.7-1+ds1.orig.tar.gz
0034ff4960ee734cc22855ee63c7360d 4814 python optional
turpial_1.6.7-1+ds1-1.debian.tar.gz
e5682518b60b8c429ad2ba1dfd1fd375 681824 python optional
turpial_1.6.7-1+ds1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJPBjxOAAoJELFtKbCWPtJk+DoP/1k8qc5S9oZatdCOh2o81luR
bS8D/ZWc+tAe59RRETao3i87q3E4GIGhSO4LCa0BQ+hI/nxieb5kBNXb/uYuOWvv
g+/Qt6CFEgowLByNhOWhZqWJjgETwsFmdR84hgQ/kFWvKH9R33DV9755/nyfGMCG
4hOffYfP+cumVirg1mSSqxfVcF/p6ok0rXKCMCZUTMb13sLsYFL94mbtfiBajdjq
HP0/lK/tzJGUuKWQsXlSaH3DKkV+OUdocuLfbvjceCNEUeRKWauWeGEvDvytbxMT
WdASf0BT+04yOPGq8LrqqXZgE3LeXNYgjQDzld4tMZs9+UEw/CFmSb/H99/523FC
kkbb6TpD190yE22frRivmuDAJUZpKLD+iFMPqpqaDOiquK6KQtNugn379RJm1ph8
k7pGS4lEIg+bQ2KBt+pBEgI0a1lpnFvGdZ82bMS28pLJlZbq/1xvd7VRO/Bps+Fs
wzFQ+W6MeagVbSG5nDzOMnFkLpkPepltKOzeg5P052n9rzx5HeSXms3GwSMP4Gfc
ij8Jw5eiLwZHSdOZMsVwYlkNyrwROomJXjvjby6B//0GAT+SSEDXWin/g/qFAPBu
vPp5HYPPnwPwMv1rIaS0oI0tEJmPfyBn045jRtQ5B35nbEcuBIrZuA7jrnob9Uuk
yozFBIcPzA8mSamyyqiE
=qTbE
-----END PGP SIGNATURE-----
--- End Message ---
