Creating a new wireless network with WPA results in an unsecured network instead

Related Vulnerabilities: CVE-2012-2736  

Debian Bug report logs - #655972

Reported by: Josh Triplett <josh@joshtriplett.org>

Date: Sun, 15 Jan 2012 13:51:01 UTC

Severity: important

Tags: security

Found in version network-manager/0.8.1-6+squeeze1

Fixed in versions network-manager/0.9.4.0-1, network-manager/0.8.1-6+squeeze2

Done: Michael Biebl <biebl@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 13:51:04 GMT) (full text, mbox, link).


Message #3 received at submit@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Creating a new wireless network with WPA results in an unsecured network instead
Date: Mon, 16 Jan 2012 00:49:32 +1100
Package: network-manager-gnome
Version: 0.9.2.0-1
Severity: grave
Tags: security

I followed the following steps:

- Connect to a wired network.
- Click the network-manager-gnome icon, and select "Create New Wireless
  Network..."
- Type a network name.
- Select "WPA & WPA2 Personal".
- Click "Show password".
- Paste in a secure password (from pwgen -s 12).
- Click "Create".
- Observe that NetworkManager's icon for the network includes the lock
  icon indicating a secure network.
- Attempt to connect to the network from my N900.
- Observe that network icon shows lack of security.
- Observe that I can connect to the network and access the Internet
  through the network without providing the previously-specified
  password.


Note that creating a network using WEP results in a WEP-"secured"
network, rather than an unsecured network.  This issue only seems to
happen when attempting to create a WPA network.

- Josh Triplett

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager-gnome depends on:
ii  dbus-x11             1.4.16-1
ii  dpkg                 1.16.1.2
ii  gconf2               3.2.3-1
ii  gnome-icon-theme     3.2.1.2-1
ii  libatk1.0-0          2.2.0-2
ii  libc6                2.13-24
ii  libcairo-gobject2    1.10.2-6.2
ii  libcairo2            1.10.2-6.2
ii  libdbus-1-3          1.4.16-1
ii  libdbus-glib-1-2     0.98-1
ii  libfontconfig1       2.8.0-3
ii  libfreetype6         2.4.8-1
ii  libgconf2-4          3.2.3-1
ii  libgdk-pixbuf2.0-0   2.24.0-2
ii  libglib2.0-0         2.28.6-1
ii  libgnome-bluetooth8  3.2.1-1
ii  libgnome-keyring0    3.2.0-3
ii  libgtk-3-0           3.0.12-2
ii  libnm-glib-vpn1      0.9.2.0-1
ii  libnm-glib4          0.9.2.0-1
ii  libnm-gtk0           0.9.2.0-1
ii  libnm-util2          0.9.2.0-1
ii  libnotify4           0.7.4-1
ii  libpango1.0-0        1.29.4-2
ii  network-manager      0.9.2.0-1
ii  policykit-1-gnome    0.105-1

Versions of packages network-manager-gnome recommends:
ii  gnome-bluetooth                        3.2.1-1
ii  iso-codes                              3.32-1
ii  libpam-gnome-keyring [libpam-keyring]  3.0.3-2
ii  mobile-broadband-provider-info         <none>
ii  notification-daemon                    0.7.3-1

Versions of packages network-manager-gnome suggests:
pn  network-manager-openvpn-gnome  <none>
pn  network-manager-pptp-gnome     <none>
pn  network-manager-vpnc-gnome     <none>

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 14:42:03 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 14:42:03 GMT) (full text, mbox, link).


Message #8 received at submit@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Mon, 16 Jan 2012 01:38:06 +1100
On Mon, Jan 16, 2012 at 12:49:32AM +1100, Josh Triplett wrote:
> I followed the following steps:
> 
> - Connect to a wired network.
> - Click the network-manager-gnome icon, and select "Create New Wireless
>   Network..."
> - Type a network name.
> - Select "WPA & WPA2 Personal".
> - Click "Show password".
> - Paste in a secure password (from pwgen -s 12).
> - Click "Create".
> - Observe that NetworkManager's icon for the network includes the lock
>   icon indicating a secure network.
> - Attempt to connect to the network from my N900.
> - Observe that network icon shows lack of security.
> - Observe that I can connect to the network and access the Internet
>   through the network without providing the previously-specified
>   password.
> 
> Note that creating a network using WEP results in a WEP-"secured"
> network, rather than an unsecured network.  This issue only seems to
> happen when attempting to create a WPA network.

Investigating further, I discovered that if I use the
nm-connection-editor to manually create a shared network with WPA and
Infrastructure mode, it doesn't show up as an available network in the
"Create New Wireless Network..." dialog.  If I change it to Ad-Hoc mode,
it shows up.  Some searching suggests that problems exist with WPA
networks in Ad-Hoc mode, which might explain why NM couldn't manage it.
However, it should have failed closed by refusing to create a network,
rather than failing open by creating an insecure network.

- Josh Triplett
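
A scan-side check for the fail-open condition described in the message above, added here as an example and not part of the original report: it parses `iwlist scan` output and fails closed when a network is broadcast with weaker security than was requested. The scan text, MAC addresses, the `office-*` networks and the helper names `parse_scan` and `verify_network` are constructed for illustration; they are not the reporter's attachments.

```python
import re

# Constructed sample of `iwlist scan` output (not the attachment from the report).
SAMPLE_SCAN = '''\
wlan0     Scan completed :
          Cell 01 - Address: 02:1A:2B:3C:4D:5E
                    Channel:1
                    Frequency:2.412 GHz (Channel 1)
                    Quality=70/70  Signal level=-28 dBm
                    Encryption key:off
                    ESSID:"josh-wpa-attempt"
                    Mode:Ad-Hoc
          Cell 02 - Address: 00:11:22:33:44:55
                    Channel:6
                    Encryption key:on
                    ESSID:"office-wep"
                    Mode:Master
          Cell 03 - Address: 00:11:22:33:44:66
                    Channel:11
                    Encryption key:on
                    ESSID:"office-wpa2"
                    Mode:Master
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
'''

# Ordering used to decide whether what is on the air is weaker than requested.
RANK = {"open": 0, "wep": 1, "wpa": 2}


def parse_scan(text):
    """Return one dict per cell with its ESSID, mode and advertised security."""
    cells = []
    # Every access point / ad-hoc cell starts with "Cell NN - Address: ...".
    for block in re.split(r"^\s*Cell \d+ - ", text, flags=re.M)[1:]:
        essid = re.search(r'ESSID:"(.*)"', block)
        key = re.search(r"Encryption key:(on|off)", block)
        mode = re.search(r"Mode:(\S+)", block)
        has_wpa_ie = re.search(r"^\s*IE:.*WPA", block, flags=re.M) is not None
        if key is None or key.group(1) == "off":
            # A missing "Encryption key" line is treated as open (fail closed).
            security = "open"
        elif has_wpa_ie:
            security = "wpa"
        else:
            # Privacy bit set but no WPA/WPA2 information element: WEP.
            security = "wep"
        cells.append({
            "essid": essid.group(1) if essid else None,
            "mode": mode.group(1) if mode else "unknown",
            "security": security,
        })
    return cells


def verify_network(scan_text, essid, expected):
    """Return (ok, reason). ok is True only if every cell broadcasting
    `essid` advertises at least the `expected` security level."""
    matches = [c for c in parse_scan(scan_text) if c["essid"] == essid]
    if not matches:
        # Cannot confirm anything about a network we cannot see: refuse.
        return False, "not visible in scan; cannot confirm security"
    weakest = min(matches, key=lambda c: RANK[c["security"]])
    if RANK[weakest["security"]] < RANK[expected]:
        return False, "advertised as %s (%s mode), expected %s" % (
            weakest["security"], weakest["mode"], expected)
    return True, "advertised as %s" % weakest["security"]


if __name__ == "__main__":
    for name in ("josh-wpa-attempt", "office-wep", "office-wpa2", "absent"):
        ok, reason = verify_network(SAMPLE_SCAN, name, "wpa")
        print("%-18s %s: %s" % (name, "OK" if ok else "REFUSE", reason))
```

Run against a scan taken from a second device, since the creating host's own UI is the component that reported the lock icon.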




Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 19:57:05 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 19:57:06 GMT) (full text, mbox, link).


Message #13 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>
To: Josh Triplett <josh@joshtriplett.org>, 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Sun, 15 Jan 2012 20:53:06 +0100
On 15.01.2012 14:49, Josh Triplett wrote:
> Package: network-manager-gnome
> Version: 0.9.2.0-1
> Severity: grave
> Tags: security
> 
> I followed the following steps:
> 
> - Connect to a wired network.
> - Click the network-manager-gnome icon, and select "Create New Wireless
>   Network..."
> - Type a network name.
> - Select "WPA & WPA2 Personal".
> - Click "Show password".
> - Paste in a secure password (from pwgen -s 12).
> - Click "Create".
> - Observe that NetworkManager's icon for the network includes the lock
>   icon indicating a secure network.
> - Attempt to connect to the network from my N900.
> - Observe that network icon shows lack of security.
> - Observe that I can connect to the network and access the Internet
>   through the network without providing the previously-specified
>   password.
> 
> 
> Note that creating a network using WEP results in a WEP-"secured"
> network, rather than an unsecured network.  This issue only seems to
> happen when attempting to create a WPA network.


Please attach the output of iwlist scan (from the local computer and the
one you are trying to establish the connection), the output of nm-tool
and a debug log from NetworkManager [1]

Thanks,
Michael

[1] https://live.gnome.org/NetworkManager/Debugging
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 20:30:03 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 20:30:03 GMT) (full text, mbox, link).


Message #18 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>
To: Josh Triplett <josh@joshtriplett.org>, 655972@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Sun, 15 Jan 2012 21:26:39 +0100
severity 655972 important
thanks

On 15.01.2012 14:49, Josh Triplett wrote:
> 
> Note that creating a network using WEP results in a WEP-"secured"
> network, rather than an unsecured network.  This issue only seems to
> happen when attempting to create a WPA network.

Given that this particular feature (to create a WPA secured access point)
is not that often used and that an open wireless AP does not imply that
the user's data is accessible, I'm downgrading the severity to important
as imho this reflects more appropriately the severity of this bug.

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Severity set to 'important' from 'grave' Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Sun, 15 Jan 2012 20:30:08 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 20:39:09 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 20:39:09 GMT) (full text, mbox, link).


Message #25 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Michael Biebl <biebl@debian.org>
Cc: 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Mon, 16 Jan 2012 07:34:47 +1100
On Sun, Jan 15, 2012 at 08:53:06PM +0100, Michael Biebl wrote:
> On 15.01.2012 14:49, Josh Triplett wrote:
> > I followed the following steps:
> > 
> > - Connect to a wired network.
> > - Click the network-manager-gnome icon, and select "Create New Wireless
> >   Network..."
> > - Type a network name.
> > - Select "WPA & WPA2 Personal".
> > - Click "Show password".
> > - Paste in a secure password (from pwgen -s 12).
> > - Click "Create".
> > - Observe that NetworkManager's icon for the network includes the lock
> >   icon indicating a secure network.
> > - Attempt to connect to the network from my N900.
> > - Observe that network icon shows lack of security.
> > - Observe that I can connect to the network and access the Internet
> >   through the network without providing the previously-specified
> >   password.
> > 
> > 
> > Note that creating a network using WEP results in a WEP-"secured"
> > network, rather than an unsecured network.  This issue only seems to
> > happen when attempting to create a WPA network.
> 
> Please attach the output of iwlist scan (from the local computer

Attached as iwlist-scan-leaf.  I tried to create a network
"josh-wpa-attempt".

> and the
> one you are trying to establish the connection),

Attached as iwlist-scan-n900.

> the output of nm-tool

Attached as nm-tool-leaf

> and a debug log from NetworkManager [1]

I'll try to supply this later today.

- Josh Triplett




Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 20:45:09 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 20:45:09 GMT) (full text, mbox, link).


Message #30 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>
To: Josh Triplett <josh@joshtriplett.org>, 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Sun, 15 Jan 2012 21:42:03 +0100
On 15.01.2012 21:34, Josh Triplett wrote:
> On Sun, Jan 15, 2012 at 08:53:06PM +0100, Michael Biebl wrote:

>>
>> Please attach the output of iwlist scan (from the local computer
> 
> Attached as iwlist-scan-leaf.  I tried to create a network
> "josh-wpa-attempt".
> 
>> and the
>> one you are trying to establish the connection),
> 
> Attached as iwlist-scan-n900.
> 
>> the output of nm-tool
> 
> Attached as nm-tool-leaf


Seems those attachments are all missing.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 20:45:11 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 20:45:11 GMT) (full text, mbox, link).


Message #35 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Michael Biebl <biebl@debian.org>
Cc: 655972@bugs.debian.org, control@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Mon, 16 Jan 2012 07:42:17 +1100
On Sun, Jan 15, 2012 at 09:26:39PM +0100, Michael Biebl wrote:
> severity 655972 important
> thanks
> 
> On 15.01.2012 14:49, Josh Triplett wrote:
> > 
> > Note that creating a network using WEP results in a WEP-"secured"
> > network, rather than an unsecured network.  This issue only seems to
> > happen when attempting to create a WPA network.
> 
> Given that this particular feature (to create a WPA secured access point)
> is not that often used

Given that WEP provides almost no security at all, you're suggesting
that wanting a secure wireless network does not represent the common
case?

> and that an open wireless AP does not imply that
> the user's data is accessible,

An open wireless AP where the user expected a secured one (and where the
UI claims they have one) can lead to revealed user data in several
different ways.

> I'm downgrading the severity to important
> as imho this reflects more appropriately the severity of this bug.

Might I suggest instead marking it as grave due to the security
implications but marking it as present in both testing and unstable so
it doesn't affect propagation to testing?

- Josh Triplett




Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 20:45:13 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 20:45:13 GMT) (full text, mbox, link).


Message #40 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Michael Biebl <biebl@debian.org>
Cc: 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Mon, 16 Jan 2012 07:43:20 +1100
On Sun, Jan 15, 2012 at 09:42:03PM +0100, Michael Biebl wrote:
> On 15.01.2012 21:34, Josh Triplett wrote:
> > On Sun, Jan 15, 2012 at 08:53:06PM +0100, Michael Biebl wrote:
> >> Please attach the output of iwlist scan (from the local computer
> > 
> > Attached as iwlist-scan-leaf.  I tried to create a network
> > "josh-wpa-attempt".
> > 
> >> and the
> >> one you are trying to establish the connection),
> > 
> > Attached as iwlist-scan-n900.
> > 
> >> the output of nm-tool
> > 
> > Attached as nm-tool-leaf
> 
> Seems those attachments are all missing.

Sigh, attached this time.

- Josh Triplett
[iwlist-scan-leaf (text/plain, attachment)]
[iwlist-scan-n900 (text/plain, attachment)]
[nm-tool-leaf (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 20:51:03 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 20:51:03 GMT) (full text, mbox, link).


Message #45 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>
To: Josh Triplett <josh@joshtriplett.org>
Cc: 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Sun, 15 Jan 2012 21:46:45 +0100
On 15.01.2012 21:42, Josh Triplett wrote:
> On Sun, Jan 15, 2012 at 09:26:39PM +0100, Michael Biebl wrote:
>> severity 655972 important
>> thanks
>>
>> On 15.01.2012 14:49, Josh Triplett wrote:
>>>
>>> Note that creating a network using WEP results in a WEP-"secured"
>>> network, rather than an unsecured network.  This issue only seems to
>>> happen when attempting to create a WPA network.
>>
>> Given that this particular feature (to create a WPA secured access point)
>> is not that often used
> 
> Given that WEP provides almost no security at all, you're suggesting
> that wanting a secure wireless network does not represent the common
> case?

No, what I meant is that the majority of users never use NM to create an
Ad-Hoc wireless network. The common usage of NM is to connect to
infrastructure wireless networks.

>> and that an open wireless AP does not imply that
>> the user's data is accessible,
> 
> An open wireless AP where the user expected a secured one (and where the
> UI claims they have one) can lead to revealed user data in several
> different ways.
> 
>> I'm downgrading the severity to important
>> as imho this reflects more appropriately the severity of this bug.
> 
> Might I suggest instead marking it as grave due to the security
> implications but marking it as present in both testing and unstable so
> it doesn't affect propagation to testing?

As the current version in unstable is also in testing, testing
propagation is not affected by this bug anyway.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sun, 15 Jan 2012 21:09:26 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sun, 15 Jan 2012 21:09:28 GMT) (full text, mbox, link).


Message #50 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>
To: Josh Triplett <josh@joshtriplett.org>, 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Sun, 15 Jan 2012 22:07:07 +0100
On 15.01.2012 21:34, Josh Triplett wrote:

>> and a debug log from NetworkManager [1]
> 
> I'll try to supply this later today.

Please include a verbose log of wpa_supplicant. The aforementioned [1]
has instructions for that, too.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Sat, 24 Mar 2012 17:21:02 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Sat, 24 Mar 2012 17:21:02 GMT) (full text, mbox, link).


Message #55 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: 655972@bugs.debian.org
Subject: Ad-Hoc WPA networks disabled upstream due to kernel bugs
Date: Sat, 24 Mar 2012 10:18:11 -0700
This seems like a fairly complete explanation of the problem:
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39

So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
can get closed, in favor of a bug saying that NM can't create WPA
networks. :)

- Josh Triplett




Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Tue, 07 Aug 2012 13:48:02 GMT) (full text, mbox, link).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Tue, 07 Aug 2012 13:48:02 GMT) (full text, mbox, link).


Message #60 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Josh Triplett <josh@joshtriplett.org>
Cc: 655972@bugs.debian.org
Subject: Re: Ad-Hoc WPA networks disabled upstream due to kernel bugs
Date: Tue, 7 Aug 2012 15:43:51 +0200
On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote:
> This seems like a fairly complete explanation of the problem:
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> 
> So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
> can get closed, in favor of a bug saying that NM can't create WPA
> networks. :)

0.9.4 is now in Wheezy. Can you confirm that it fixes the bug?

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Tue, 07 Aug 2012 14:36:09 GMT) (full text, mbox, link).


Acknowledgement sent to Josh Triplett <josh@joshtriplett.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Tue, 07 Aug 2012 14:36:09 GMT) (full text, mbox, link).


Message #65 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Josh Triplett <josh@joshtriplett.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: 655972@bugs.debian.org
Subject: Re: Ad-Hoc WPA networks disabled upstream due to kernel bugs
Date: Tue, 7 Aug 2012 07:20:13 -0700
On Tue, Aug 07, 2012 at 03:43:51PM +0200, Moritz Muehlenhoff wrote:
> On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote:
> > This seems like a fairly complete explanation of the problem:
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> > 
> > So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
> > can get closed, in favor of a bug saying that NM can't create WPA
> > networks. :)
> 
> 0.9.4 is now in Wheezy. Can you confirm that it fixes the bug?

Looks like it: I can confirm that NM no longer allows creating an Ad-Hoc
network that uses WPA.

- Josh Triplett



Reply sent to Moritz Muehlenhoff <jmm@inutil.org>:
You have taken responsibility. (Tue, 21 Aug 2012 21:33:11 GMT) (full text, mbox, link).


Notification sent to Josh Triplett <josh@joshtriplett.org>:
Bug acknowledged by developer. (Tue, 21 Aug 2012 21:33:11 GMT) (full text, mbox, link).


Message #70 received at 655972-done@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Josh Triplett <josh@joshtriplett.org>
Cc: 655972-done@bugs.debian.org
Subject: Re: Ad-Hoc WPA networks disabled upstream due to kernel bugs
Date: Tue, 21 Aug 2012 23:28:31 +0200
Version: 0.9.4.0-1

On Tue, Aug 07, 2012 at 07:20:13AM -0700, Josh Triplett wrote:
> On Tue, Aug 07, 2012 at 03:43:51PM +0200, Moritz Muehlenhoff wrote:
> > On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote:
> > > This seems like a fairly complete explanation of the problem:
> > > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> > > 
> > > So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
> > > can get closed, in favor of a bug saying that NM can't create WPA
> > > networks. :)
> > 
> > 0.9.4 is now in Wheezy. Can you confirm that it fixes the bug?
> 
> Looks like it: I can confirm that NM no longer allows creating an Ad-Hoc
> network that uses WPA.

Closing, then. (And updating the Debian security tracker)

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Wed, 22 Aug 2012 11:18:03 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Wed, 22 Aug 2012 11:18:03 GMT) (full text, mbox, link).


Message #75 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>
To: 655972@bugs.debian.org
Subject: Re: Creating a new wireless network with WPA results in an unsecured network instead
Date: Wed, 22 Aug 2012 11:15:02 -0000
Package: network-manager-gnome

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/655972/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51




Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Wed, 22 Aug 2012 14:51:06 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Biebl <biebl@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Wed, 22 Aug 2012 14:51:06 GMT) (full text, mbox, link).


Message #80 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Michael Biebl <biebl@debian.org>
To: Jonathan Wiltshire <jmw@debian.org>, 655972@bugs.debian.org
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Wed, 22 Aug 2012 16:48:54 +0200
Am 22.08.2012 13:15, schrieb Jonathan Wiltshire:
> Package: network-manager-gnome
> 
> Dear maintainer,
> 
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:

I'm fine with either fixing it via a security or a regular stable
upload. Seems ubuntu did a security upload [1]

> 
> squeeze (6.0.6) - use target "stable"
> 
> Please prepare a minimal-changes upload targeting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.
> 
> I will happily assist you at any stage if the patch is straightforward and
> you need help. Please keep me in CC at all times so I can
> track [1] the progress of this request.

There is a patch at [2]. If you want to prepare a stable upload, then
I'm fine with that. Otherwise I'll have a look as soon as I find some time.

cheers,
Michael

[1]
http://changelogs.ubuntu.com/changelogs/pool/main/n/network-manager/network-manager_0.8-0ubuntu3.3/changelog
[2]
https://launchpadlibrarian.net/108771223/network-manager_0.8-0ubuntu3.2_0.8-0ubuntu3.3.diff.gz


Information forwarded to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>:
Bug#655972; Package network-manager-gnome. (Wed, 22 Aug 2012 15:21:03 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>. (Wed, 22 Aug 2012 15:21:03 GMT) (full text, mbox, link).


Message #85 received at 655972@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>
To: Michael Biebl <biebl@debian.org>
Cc: <655972@bugs.debian.org>
Subject: Re: [Pkg-utopia-maintainers] Bug#655972: Creating a new wireless network with WPA results in an unsecured network instead
Date: Wed, 22 Aug 2012 16:09:45 +0100

On 2012-08-22 15:48, Michael Biebl wrote:
> On 22.08.2012 13:15, Jonathan Wiltshire wrote:
>> Package: network-manager-gnome
>
> There is a patch at [2]. If you want to prepare a stable upload, then
> I'm fine with that. Otherwise I'll have a look as soon as I find some 
> time.
>

It would be great if you could prepare an upload when you are ready. 
I'm dreadfully short of time at the moment, though I will find some if 
you need assistance.

Thanks,

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51



Bug reassigned from package 'network-manager-gnome' to 'network-manager'. Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 11 Sep 2012 20:36:14 GMT)


No longer marked as found in versions network-manager-applet/0.9.2.0-1. Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 11 Sep 2012 20:36:15 GMT)


No longer marked as fixed in versions 0.9.4.0-1. Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 11 Sep 2012 20:36:15 GMT)


Marked as found in versions network-manager/0.8.1-6+squeeze1 and reopened. Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 11 Sep 2012 20:36:16 GMT)


Marked as fixed in versions network-manager/0.9.4.0-1. Request was from Michael Biebl <biebl@debian.org> to control@bugs.debian.org. (Tue, 11 Sep 2012 20:36:16 GMT)


Reply sent to Michael Biebl <biebl@debian.org>:
You have taken responsibility. (Wed, 12 Sep 2012 18:51:03 GMT)


Notification sent to Josh Triplett <josh@joshtriplett.org>:
Bug acknowledged by developer. (Wed, 12 Sep 2012 18:51:03 GMT)


Message #100 received at 655972-close@bugs.debian.org:

From: Michael Biebl <biebl@debian.org>
To: 655972-close@bugs.debian.org
Subject: Bug#655972: fixed in network-manager 0.8.1-6+squeeze2
Date: Wed, 12 Sep 2012 18:47:04 +0000
Source: network-manager
Source-Version: 0.8.1-6+squeeze2

We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 655972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated network-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 22 Aug 2012 20:57:08 +0200
Source: network-manager
Binary: network-manager network-manager-dev libnm-glib2 libnm-glib-dev libnm-glib-vpn1 libnm-glib-vpn-dev libnm-util1 libnm-util-dev network-manager-dbg
Architecture: source amd64
Version: 0.8.1-6+squeeze2
Distribution: stable
Urgency: low
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description: 
 libnm-glib-dev - network management framework (GLib interface)
 libnm-glib-vpn-dev - network management framework (GLib interface)
 libnm-glib-vpn1 - network management framework (GLib VPN shared library)
 libnm-glib2 - network management framework (GLib shared library)
 libnm-util-dev - network management framework (development files)
 libnm-util1 - network management framework (shared library)
 network-manager - network management framework daemon
 network-manager-dbg - network management framework daemon - debugging symbols
 network-manager-dev - network management framework (development files)
Closes: 655972
Changes: 
 network-manager (0.8.1-6+squeeze2) stable; urgency=low
 .
   * debian/patches/84-CVE-2012-2736.patch
     - Disable Ad-Hoc WPA connections as the kernel is broken for Ad-Hoc WPA,
       and creates the connections as open connections instead.
     - Fixes CVE-2012-2736. (Closes: #655972)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

-----END PGP SIGNATURE-----
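The changelog entry above disables Ad-Hoc WPA because such profiles come up as open networks. The following added example (not part of the bug log and not NetworkManager code) audits connection profiles for that combination; it assumes the profiles are available as keyfile text with the section and key names shown, and the function names and sample profiles are constructed for illustration.

```python
import configparser

# Keyfile section names: the older "802-11-wireless*" spelling and the later
# "wifi*" aliases (assumed layout; adjust to the profiles you actually have).
WIFI = ("802-11-wireless", "wifi")
SECURITY = ("802-11-wireless-security", "wifi-security")

def _section(cfg, names):
    """Return the first section from names that exists in cfg, else None."""
    return next((cfg[n] for n in names if cfg.has_section(n)), None)

def audit_profile(text):
    """Classify one profile: 'affected', 'adhoc-other' or 'not-adhoc'."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    delimiters=("=",))
    cfg.read_string(text)
    wifi = _section(cfg, WIFI)
    mode = wifi.get("mode", "infrastructure") if wifi is not None else ""
    if mode.strip().lower() != "adhoc":
        return "not-adhoc"
    sec = _section(cfg, SECURITY)
    key_mgmt = sec.get("key-mgmt", "") if sec is not None else ""
    # Any WPA key management on an Ad-Hoc profile is the combination the
    # 0.8.1-6+squeeze2 changelog says ends up as an open network.
    return "affected" if key_mgmt.strip().lower().startswith("wpa") else "adhoc-other"

def affected_profiles(profiles):
    """Return the sorted names of profiles that request Ad-Hoc WPA."""
    return sorted(n for n, t in profiles.items() if audit_profile(t) == "affected")

# Constructed sample profiles (not taken from the bug report).
SAMPLES = {
    "adhoc-wpa": "[connection]\nid=share\ntype=802-11-wireless\n"
                 "[802-11-wireless]\nssid=share\nmode=adhoc\n"
                 "[802-11-wireless-security]\nkey-mgmt=wpa-none\npsk=EXAMPLE-ONLY\n",
    "adhoc-wep": "[802-11-wireless]\nssid=old\nmode=adhoc\n"
                 "[802-11-wireless-security]\nkey-mgmt=none\n",
    "infra-wpa": "[wifi]\nssid=home\nmode=infrastructure\n"
                 "[wifi-security]\nkey-mgmt=wpa-psk\n",
}

if __name__ == "__main__":
    for name in affected_profiles(SAMPLES):
        print(f"{name}: Ad-Hoc profile requests WPA; verify what is actually broadcast")
```

A profile reported as affected shows the lock icon on the creating host, so confirm from a second device whether the network it produces is actually protected.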




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 11 Oct 2012 07:27:15 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:43:41 2019; Machine Name: buxtehude