Debian Bug report logs -
#655972
Creating a new wireless network with WPA results in an unsecured network instead
Reported by: Josh Triplett <josh@joshtriplett.org>
Date: Sun, 15 Jan 2012 13:51:01 UTC
Severity: important
Tags: security
Found in version network-manager/0.8.1-6+squeeze1
Fixed in versions network-manager/0.9.4.0-1, network-manager/0.8.1-6+squeeze2
Done: Michael Biebl <biebl@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, josh@joshtriplett.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 13:51:04 GMT) (full text, mbox, link).
Message #3 received at submit@bugs.debian.org (full text, mbox, reply):
Package: network-manager-gnome
Version: 0.9.2.0-1
Severity: grave
Tags: security
I followed the following steps:
- Connect to a wired network.
- Click the network-manager-gnome icon, and select "Create New Wireless
Network..."
- Type a network name.
- Select "WPA & WPA2 Personal".
- Click "Show password".
- Paste in a secure password (from pwgen -s 12).
- Click "Create".
- Observe that NetworkManager's icon for the network includes the lock
icon indicating a secure network.
- Attempt to connect to the network from my N900.
- Observe that network icon shows lack of security.
- Observe that I can connect to the network and access the Internet
through the network without providing the previously-specified
password.
Note that creating a network using WEP results in a WEP-"secured"
network, rather than an unsecured network. This issue only seems to
happen when attempting to create a WPA network.
- Josh Triplett
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages network-manager-gnome depends on:
ii dbus-x11 1.4.16-1
ii dpkg 1.16.1.2
ii gconf2 3.2.3-1
ii gnome-icon-theme 3.2.1.2-1
ii libatk1.0-0 2.2.0-2
ii libc6 2.13-24
ii libcairo-gobject2 1.10.2-6.2
ii libcairo2 1.10.2-6.2
ii libdbus-1-3 1.4.16-1
ii libdbus-glib-1-2 0.98-1
ii libfontconfig1 2.8.0-3
ii libfreetype6 2.4.8-1
ii libgconf2-4 3.2.3-1
ii libgdk-pixbuf2.0-0 2.24.0-2
ii libglib2.0-0 2.28.6-1
ii libgnome-bluetooth8 3.2.1-1
ii libgnome-keyring0 3.2.0-3
ii libgtk-3-0 3.0.12-2
ii libnm-glib-vpn1 0.9.2.0-1
ii libnm-glib4 0.9.2.0-1
ii libnm-gtk0 0.9.2.0-1
ii libnm-util2 0.9.2.0-1
ii libnotify4 0.7.4-1
ii libpango1.0-0 1.29.4-2
ii network-manager 0.9.2.0-1
ii policykit-1-gnome 0.105-1
Versions of packages network-manager-gnome recommends:
ii gnome-bluetooth 3.2.1-1
ii iso-codes 3.32-1
ii libpam-gnome-keyring [libpam-keyring] 3.0.3-2
ii mobile-broadband-provider-info <none>
ii notification-daemon 0.7.3-1
Versions of packages network-manager-gnome suggests:
pn network-manager-openvpn-gnome <none>
pn network-manager-pptp-gnome <none>
pn network-manager-vpnc-gnome <none>
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 14:42:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Josh Triplett <josh@joshtriplett.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 14:42:03 GMT) (full text, mbox, link).
Message #8 received at submit@bugs.debian.org (full text, mbox, reply):
On Mon, Jan 16, 2012 at 12:49:32AM +1100, Josh Triplett wrote:
> I followed the following steps:
>
> - Connect to a wired network.
> - Click the network-manager-gnome icon, and select "Create New Wireless
> Network..."
> - Type a network name.
> - Select "WPA & WPA2 Personal".
> - Click "Show password".
> - Paste in a secure password (from pwgen -s 12).
> - Click "Create".
> - Observe that NetworkManager's icon for the network includes the lock
> icon indicating a secure network.
> - Attempt to connect to the network from my N900.
> - Observe that network icon shows lack of security.
> - Observe that I can connect to the network and access the Internet
> through the network without providing the previously-specified
> password.
>
> Note that creating a network using WEP results in a WEP-"secured"
> network, rather than an unsecured network. This issue only seems to
> happen when attempting to create a WPA network.
Investigating further, I discovered that if I use the
nm-connection-editor to manually create a shared network with WPA and
Infrastructure mode, it doesn't show up as an available network in the
"Create New Wireless Network..." dialog. If I change it to Ad-Hoc mode,
it shows up. Some searching suggests that problems exist with WPA
networks in Ad-Hoc mode, which might explain why NM couldn't manage it.
However, it should have failed closed by refusing to create a network,
rather than failing open by creating an insecure network.
- Josh Triplett
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 19:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 19:57:06 GMT) (full text, mbox, link).
Message #13 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 15.01.2012 14:49, Josh Triplett wrote:
> Package: network-manager-gnome
> Version: 0.9.2.0-1
> Severity: grave
> Tags: security
>
> I followed the following steps:
>
> - Connect to a wired network.
> - Click the network-manager-gnome icon, and select "Create New Wireless
> Network..."
> - Type a network name.
> - Select "WPA & WPA2 Personal".
> - Click "Show password".
> - Paste in a secure password (from pwgen -s 12).
> - Click "Create".
> - Observe that NetworkManager's icon for the network includes the lock
> icon indicating a secure network.
> - Attempt to connect to the network from my N900.
> - Observe that network icon shows lack of security.
> - Observe that I can connect to the network and access the Internet
> through the network without providing the previously-specified
> password.
>
>
> Note that creating a network using WEP results in a WEP-"secured"
> network, rather than an unsecured network. This issue only seems to
> happen when attempting to create a WPA network.
Please attach the output of iwlist scan (from the local computer and the
one you are trying to establish the connection), the output of nm-tool
and a debug log from NetworkManager [1]
Thanks,
Michael
[1] https://live.gnome.org/NetworkManager/Debugging
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 20:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 20:30:03 GMT) (full text, mbox, link).
Message #18 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
severity 655972 important
thanks
On 15.01.2012 14:49, Josh Triplett wrote:
>
> Note that creating a network using WEP results in a WEP-"secured"
> network, rather than an unsecured network. This issue only seems to
> happen when attempting to create a WPA network.
Given that this particular feature (to create a WPA secured accesspoint)
is not that often used and that an open wireless AP does not imply that
the users data is accessible, I'm downgrading the severity to important
as imho this reflects more appropriately the severity of this bug.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[signature.asc (application/pgp-signature, attachment)]
Severity set to 'important' from 'grave'
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org
.
(Sun, 15 Jan 2012 20:30:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 20:39:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Josh Triplett <josh@joshtriplett.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 20:39:09 GMT) (full text, mbox, link).
Message #25 received at 655972@bugs.debian.org (full text, mbox, reply):
On Sun, Jan 15, 2012 at 08:53:06PM +0100, Michael Biebl wrote:
> On 15.01.2012 14:49, Josh Triplett wrote:
> > I followed the following steps:
> >
> > - Connect to a wired network.
> > - Click the network-manager-gnome icon, and select "Create New Wireless
> > Network..."
> > - Type a network name.
> > - Select "WPA & WPA2 Personal".
> > - Click "Show password".
> > - Paste in a secure password (from pwgen -s 12).
> > - Click "Create".
> > - Observe that NetworkManager's icon for the network includes the lock
> > icon indicating a secure network.
> > - Attempt to connect to the network from my N900.
> > - Observe that network icon shows lack of security.
> > - Observe that I can connect to the network and access the Internet
> > through the network without providing the previously-specified
> > password.
> >
> >
> > Note that creating a network using WEP results in a WEP-"secured"
> > network, rather than an unsecured network. This issue only seems to
> > happen when attempting to create a WPA network.
>
> Please attach the output of iwlist scan (from the local computer
Attached as iwlist-scan-leaf. I tried to create a network
"josh-wpa-attempt".
> and the
> one you are trying to establish the connection),
Attached as iwlist-scan-n900.
> the output of nm-tool
Attached as nm-tool-leaf
> and a debug log from NetworkManager [1]
I'll try to supply this later today.
- Josh Triplett
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 20:45:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 20:45:09 GMT) (full text, mbox, link).
Message #30 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 15.01.2012 21:34, Josh Triplett wrote:
> On Sun, Jan 15, 2012 at 08:53:06PM +0100, Michael Biebl wrote:
>>
>> Please attach the output of iwlist scan (from the local computer
>
> Attached as iwlist-scan-leaf. I tried to create a network
> "josh-wpa-attempt".
>
>> and the
>> one you are trying to establish the connection),
>
> Attached as iwlist-scan-n900.
>
>> the output of nm-tool
>
> Attached as nm-tool-leaf
Seems those attachements are all missing.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 20:45:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Josh Triplett <josh@joshtriplett.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 20:45:11 GMT) (full text, mbox, link).
Message #35 received at 655972@bugs.debian.org (full text, mbox, reply):
On Sun, Jan 15, 2012 at 09:26:39PM +0100, Michael Biebl wrote:
> severity 655972 important
> thanks
>
> On 15.01.2012 14:49, Josh Triplett wrote:
> >
> > Note that creating a network using WEP results in a WEP-"secured"
> > network, rather than an unsecured network. This issue only seems to
> > happen when attempting to create a WPA network.
>
> Given that this particular feature (to create a WPA secured accesspoint)
> is not that often used
Given that WEP provides almost no security at all, you're suggesting
that wanting a secure wireless network does not represent the common
case?
> and that an open wireless AP does not imply that
> the users data is accessible,
An open wireless AP where the user expected a secured one (and where the
UI claims they have one) can lead to revealed user data in several
different ways.
> I'm downgrading the severity to important
> as imho this reflects more appropriately the severity of this bug.
Might I suggest instead marking it as grave due to the security
implications but marking it as present in both testing and unstable so
it doesn't affect propagation to testing?
- Josh Triplett
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 20:45:13 GMT) (full text, mbox, link).
Acknowledgement sent
to Josh Triplett <josh@joshtriplett.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 20:45:13 GMT) (full text, mbox, link).
Message #40 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Sun, Jan 15, 2012 at 09:42:03PM +0100, Michael Biebl wrote:
> On 15.01.2012 21:34, Josh Triplett wrote:
> > On Sun, Jan 15, 2012 at 08:53:06PM +0100, Michael Biebl wrote:
> >> Please attach the output of iwlist scan (from the local computer
> >
> > Attached as iwlist-scan-leaf. I tried to create a network
> > "josh-wpa-attempt".
> >
> >> and the
> >> one you are trying to establish the connection),
> >
> > Attached as iwlist-scan-n900.
> >
> >> the output of nm-tool
> >
> > Attached as nm-tool-leaf
>
> Seems those attachements are all missing.
Sigh, attached this time.
- Josh Triplett
[iwlist-scan-leaf (text/plain, attachment)]
[iwlist-scan-n900 (text/plain, attachment)]
[nm-tool-leaf (text/plain, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 20:51:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 20:51:03 GMT) (full text, mbox, link).
Message #45 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 15.01.2012 21:42, Josh Triplett wrote:
> On Sun, Jan 15, 2012 at 09:26:39PM +0100, Michael Biebl wrote:
>> severity 655972 important
>> thanks
>>
>> On 15.01.2012 14:49, Josh Triplett wrote:
>>>
>>> Note that creating a network using WEP results in a WEP-"secured"
>>> network, rather than an unsecured network. This issue only seems to
>>> happen when attempting to create a WPA network.
>>
>> Given that this particular feature (to create a WPA secured accesspoint)
>> is not that often used
>
> Given that WEP provides almost no security at all, you're suggesting
> that wanting a secure wireless network does not represent the common
> case?
No, what I meant is that the majority of users never use NM to create an
Ad-Hoc wireless network. The common usage of NM is to connect to
infrastructure wireless networks.
>> and that an open wireless AP does not imply that
>> the users data is accessible,
>
> An open wireless AP where the user expected a secured one (and where the
> UI claims they have one) can lead to revealed user data in several
> different ways.
>
>> I'm downgrading the severity to important
>> as imho this reflects more appropriately the severity of this bug.
>
> Might I suggest instead marking it as grave due to the security
> implications but marking it as present in both testing and unstable so
> it doesn't affect propagation to testing?
As the current version in unstable is also in testing, testing
propagation is not affected by this bug anyway.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sun, 15 Jan 2012 21:09:26 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sun, 15 Jan 2012 21:09:28 GMT) (full text, mbox, link).
Message #50 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 15.01.2012 21:34, Josh Triplett wrote:
>> and a debug log from NetworkManager [1]
>
> I'll try to supply this later today.
Please include a verbose log of wpa_supplicant. The aforementioned [1]
has instructions for that, too.
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Sat, 24 Mar 2012 17:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Josh Triplett <josh@joshtriplett.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Sat, 24 Mar 2012 17:21:02 GMT) (full text, mbox, link).
Message #55 received at 655972@bugs.debian.org (full text, mbox, reply):
This seems like a fairly complete explanation of the problem:
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
can get closed, in favor of a bug saying that NM can't create WPA
networks. :)
- Josh Triplett
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Tue, 07 Aug 2012 13:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Tue, 07 Aug 2012 13:48:02 GMT) (full text, mbox, link).
Message #60 received at 655972@bugs.debian.org (full text, mbox, reply):
On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote:
> This seems like a fairly complete explanation of the problem:
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
>
> So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
> can get closed, in favor of a bug saying that NM can't create WPA
> networks. :)
0.9.4 is now in Wheezy. Can you confirm that it fixes the bug?
Cheeers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Tue, 07 Aug 2012 14:36:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Josh Triplett <josh@joshtriplett.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Tue, 07 Aug 2012 14:36:09 GMT) (full text, mbox, link).
Message #65 received at 655972@bugs.debian.org (full text, mbox, reply):
On Tue, Aug 07, 2012 at 03:43:51PM +0200, Moritz Muehlenhoff wrote:
> On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote:
> > This seems like a fairly complete explanation of the problem:
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> >
> > So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
> > can get closed, in favor of a bug saying that NM can't create WPA
> > networks. :)
>
> 0.9.4 is now in Wheezy. Can you confirm that it fixes the bug?
Looks like it: I can confirm that NM no longer allows creating an Ad-Hoc
network that uses WPA.
- Josh Triplett
Reply sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
You have taken responsibility.
(Tue, 21 Aug 2012 21:33:11 GMT) (full text, mbox, link).
Notification sent
to Josh Triplett <josh@joshtriplett.org>
:
Bug acknowledged by developer.
(Tue, 21 Aug 2012 21:33:11 GMT) (full text, mbox, link).
Message #70 received at 655972-done@bugs.debian.org (full text, mbox, reply):
Version: 0.9.4.0-1
On Tue, Aug 07, 2012 at 07:20:13AM -0700, Josh Triplett wrote:
> On Tue, Aug 07, 2012 at 03:43:51PM +0200, Moritz Muehlenhoff wrote:
> > On Sat, Mar 24, 2012 at 10:18:11AM -0700, Josh Triplett wrote:
> > > This seems like a fairly complete explanation of the problem:
> > > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> > >
> > > So, as soon as all the pieces of NM 0.9.4 make it into Debian, this bug
> > > can get closed, in favor of a bug saying that NM can't create WPA
> > > networks. :)
> >
> > 0.9.4 is now in Wheezy. Can you confirm that it fixes the bug?
>
> Looks like it: I can confirm that NM no longer allows creating an Ad-Hoc
> network that uses WPA.
Closing, then. (And updating the Debian security tracker)
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Wed, 22 Aug 2012 11:18:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonathan Wiltshire <jmw@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Wed, 22 Aug 2012 11:18:03 GMT) (full text, mbox, link).
Message #75 received at 655972@bugs.debian.org (full text, mbox, reply):
Package: network-manager-gnome
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6) - use target "stable"
Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.
I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.
For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].
0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/655972/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc
Thanks,
with his security hat on:
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Wed, 22 Aug 2012 14:51:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Biebl <biebl@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Wed, 22 Aug 2012 14:51:06 GMT) (full text, mbox, link).
Message #80 received at 655972@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Am 22.08.2012 13:15, schrieb Jonathan Wiltshire:
> Package: network-manager-gnome
>
> Dear maintainer,
>
> Recently you fixed one or more security problems and as a result you closed
> this bug. These problems were not serious enough for a Debian Security
> Advisory, so they are now on my radar for fixing in the following suites
> through point releases:
I'm fine with either fixing it via a security or a regular stable
upload. Seems ubuntu did a security upload [1]
>
> squeeze (6.0.6) - use target "stable"
>
> Please prepare a minimal-changes upload targetting each of these suites,
> and submit a debdiff to the Release Team [0] for consideration. They will
> offer additional guidance or instruct you to upload your package.
>
> I will happily assist you at any stage if the patch is straightforward and
> you need help. Please keep me in CC at all times so I can
> track [1] the progress of this request.
There is a patch at [2]. If you want to prepare a stable upload, then
I'm fine with that. Otherwise I'll have a look as soon as I find some time.
cheers,
Michael
[1]
http://changelogs.ubuntu.com/changelogs/pool/main/n/network-manager/network-manager_0.8-0ubuntu3.3/changelog
[2]
https://launchpadlibrarian.net/108771223/network-manager_0.8-0ubuntu3.2_0.8-0ubuntu3.3.diff.gz
[signature.asc (application/pgp-signature, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
:
Bug#655972
; Package network-manager-gnome
.
(Wed, 22 Aug 2012 15:21:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jonathan Wiltshire <jmw@debian.org>
:
Extra info received and forwarded to list. Copy sent to Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
.
(Wed, 22 Aug 2012 15:21:03 GMT) (full text, mbox, link).
Message #85 received at 655972@bugs.debian.org (full text, mbox, reply):
On 2012-08-22 15:48, Michael Biebl wrote:
> Am 22.08.2012 13:15, schrieb Jonathan Wiltshire:
>> Package: network-manager-gnome
>
> There is a patch at [2]. If you want to prepare a stable upload, then
> I'm fine with that. Otherwise I'll have a look as soon as I find some
> time.
>
It would be great if you could prepare an upload when you are ready.
I'm dreadfully short of time at the moment, though I will find some if
you need assistance.
Thanks,
--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
No longer marked as found in versions network-manager-applet/0.9.2.0-1.
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org
.
(Tue, 11 Sep 2012 20:36:15 GMT) (full text, mbox, link).
No longer marked as fixed in versions 0.9.4.0-1.
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org
.
(Tue, 11 Sep 2012 20:36:15 GMT) (full text, mbox, link).
Marked as found in versions network-manager/0.8.1-6+squeeze1 and reopened.
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org
.
(Tue, 11 Sep 2012 20:36:16 GMT) (full text, mbox, link).
Marked as fixed in versions network-manager/0.9.4.0-1.
Request was from Michael Biebl <biebl@debian.org>
to control@bugs.debian.org
.
(Tue, 11 Sep 2012 20:36:16 GMT) (full text, mbox, link).
Reply sent
to Michael Biebl <biebl@debian.org>
:
You have taken responsibility.
(Wed, 12 Sep 2012 18:51:03 GMT) (full text, mbox, link).
Notification sent
to Josh Triplett <josh@joshtriplett.org>
:
Bug acknowledged by developer.
(Wed, 12 Sep 2012 18:51:03 GMT) (full text, mbox, link).
Message #100 received at 655972-close@bugs.debian.org (full text, mbox, reply):
Source: network-manager
Source-Version: 0.8.1-6+squeeze2
We believe that the bug you reported is fixed in the latest version of
network-manager, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 655972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <biebl@debian.org> (supplier of updated network-manager package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 22 Aug 2012 20:57:08 +0200
Source: network-manager
Binary: network-manager network-manager-dev libnm-glib2 libnm-glib-dev libnm-glib-vpn1 libnm-glib-vpn-dev libnm-util1 libnm-util-dev network-manager-dbg
Architecture: source amd64
Version: 0.8.1-6+squeeze2
Distribution: stable
Urgency: low
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>
Changed-By: Michael Biebl <biebl@debian.org>
Description:
libnm-glib-dev - network management framework (GLib interface)
libnm-glib-vpn-dev - network management framework (GLib interface)
libnm-glib-vpn1 - network management framework (GLib VPN shared library)
libnm-glib2 - network management framework (GLib shared library)
libnm-util-dev - network management framework (development files)
libnm-util1 - network management framework (shared library)
network-manager - network management framework daemon
network-manager-dbg - network management framework daemon - debugging symbols
network-manager-dev - network management framework (development files)
Closes: 655972
Changes:
network-manager (0.8.1-6+squeeze2) stable; urgency=low
.
* debian/patches/84-CVE-2012-2736.patch
- Disable Ad-Hoc WPA connections as the kernel is broken for Ad-Hoc WPA,
and creates the connections as open connections instead.
- Fixes CVE-2012-2736. (Closes: #655972)
Checksums-Sha1:
5bbbc6add816bd0ec0db4e8d8eac3dadf20443dd 2409 network-manager_0.8.1-6+squeeze2.dsc
092a70b3d6095d8cb81bbfa73a0c1244e517c054 35142 network-manager_0.8.1-6+squeeze2.debian.tar.gz
ad5cd1e5416db7bb82d5fa10697526109927d821 933906 network-manager_0.8.1-6+squeeze2_amd64.deb
5baa4ad210670ff70733479498fc27233ff6dcbe 230596 network-manager-dev_0.8.1-6+squeeze2_amd64.deb
12bc12c4b0e296f237e81e132095caeac25cd452 288612 libnm-glib2_0.8.1-6+squeeze2_amd64.deb
2897e61eb85c590b8581bafd3a110d065c7f037b 379360 libnm-glib-dev_0.8.1-6+squeeze2_amd64.deb
766ef54968d85dd2d29676504db809431aecd537 237138 libnm-glib-vpn1_0.8.1-6+squeeze2_amd64.deb
098631b7e77ea13f47dac4111bf8cf31ace233ab 239406 libnm-glib-vpn-dev_0.8.1-6+squeeze2_amd64.deb
3a6b5879a0c6389ff3b5d686e6390472e366af1a 324148 libnm-util1_0.8.1-6+squeeze2_amd64.deb
0f64048ad8a78647b71336427d4f1414ff525dda 499032 libnm-util-dev_0.8.1-6+squeeze2_amd64.deb
8979c22b36f4fd00f4133d398d7a69aec79c95f6 1196866 network-manager-dbg_0.8.1-6+squeeze2_amd64.deb
Checksums-Sha256:
2625c2fb3db8a2c399faa8f1e218b30b37f67ad9ff42cb5a0acd519f57ff350a 2409 network-manager_0.8.1-6+squeeze2.dsc
b6c586b5ba2d7bc4c2fc6466894406337e5f63370da2aecb4324bb336769b491 35142 network-manager_0.8.1-6+squeeze2.debian.tar.gz
0f5628ca48a43c7a5faa8a1200682abe441e43db2ed7dce089895391dd628c34 933906 network-manager_0.8.1-6+squeeze2_amd64.deb
72cdb4cb17ebbae7d98142430e0ab116b5795fb7e5739ec14a99471b04891768 230596 network-manager-dev_0.8.1-6+squeeze2_amd64.deb
7357aa3be0b6317b15ced04aec44fa1076ff87c7fddd023cf0588ec8b134ae9f 288612 libnm-glib2_0.8.1-6+squeeze2_amd64.deb
991a469412f36aba5d47257b4f055b0fd1ba4400db87b3bc23f5f3489eea4136 379360 libnm-glib-dev_0.8.1-6+squeeze2_amd64.deb
de7655f40f294f6c88187f286b0cc3ca551c26e87803d7d16d3db678aff58d60 237138 libnm-glib-vpn1_0.8.1-6+squeeze2_amd64.deb
ad0a26f90381aa2e518e0b95c48a74028468b01d8aa86cd064f42f7c72f24233 239406 libnm-glib-vpn-dev_0.8.1-6+squeeze2_amd64.deb
947e3b8e42f5bed84fe19250332a827c01f338f70d1ed3ad225420b19d2b886b 324148 libnm-util1_0.8.1-6+squeeze2_amd64.deb
9a8e1fe28d0b1edd08ea10d2203d4e40d1a70ff330a740064c75b0ac48c6e998 499032 libnm-util-dev_0.8.1-6+squeeze2_amd64.deb
51f6a0bd0d827f030e07d6682fb43d0c47309ecc2ac12f0b185b41081535b064 1196866 network-manager-dbg_0.8.1-6+squeeze2_amd64.deb
Files:
65dc8d7f1d7924904b2214a79aec434f 2409 net optional network-manager_0.8.1-6+squeeze2.dsc
e290776e80e10a2f8ab0357765c1f616 35142 net optional network-manager_0.8.1-6+squeeze2.debian.tar.gz
015f200cfd726ad8fe36a9cb0a7d8d9c 933906 net optional network-manager_0.8.1-6+squeeze2_amd64.deb
5d2cfbb400a818c191fa47fd7f0a8fe5 230596 devel optional network-manager-dev_0.8.1-6+squeeze2_amd64.deb
0218f9c9f850d57ac08f63c2af78569f 288612 libs optional libnm-glib2_0.8.1-6+squeeze2_amd64.deb
5e0ba2a753e679ecc04f1917b4a91d8d 379360 libdevel optional libnm-glib-dev_0.8.1-6+squeeze2_amd64.deb
98cca6d9fdea27bbe2ae64df8cd7ec76 237138 libs optional libnm-glib-vpn1_0.8.1-6+squeeze2_amd64.deb
701a5ef6a0bf38088d7543ae47eb7240 239406 libdevel optional libnm-glib-vpn-dev_0.8.1-6+squeeze2_amd64.deb
8d04bef4f0c726f4219d5214c88ef2fc 324148 libs optional libnm-util1_0.8.1-6+squeeze2_amd64.deb
17d8a207d005d26ef50baacdf931b0cc 499032 libdevel optional libnm-util-dev_0.8.1-6+squeeze2_amd64.deb
3c8a4d550257311061fda72f5fe94e5f 1196866 debug extra network-manager-dbg_0.8.1-6+squeeze2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQUKaUAAoJEGrh4w1gjyLcPJoP/0cnM1k5rCwZlNRa1I0mUU8X
AAlnAN9619V3YuTT3QC1koEmzluFSS6Z5qDAbYd9Th0STlnM/IakNfb77NO3SdsK
dL/G//2nq9fLXh5Y8jGF+YqaroGtsW/gREaTV+idzqxkrV6NE2z/h5oQek6ingP7
zoEJ4hRZUpUp4SdDWi4xl7FSa7qMoAlcjBqEP8Mnbx6P8JNgrIHPmTvcFJperUuC
uhObUfiVJUJGnHc+9MBvkQta76DScJhrf4FSWtnjg4Bevw0K0zEfPVZzCsT9gd3m
C2bWNGKzqFDWRS/9l7aH92ZErw6K33PHU0wZFBMJjODCcelFlF6FWwZrd6XJXgFY
4JPQYJwQOk3iJfKYcmpH115+QidvWHwOXa5en0W5GfeuEb7Ebm8UvqHFqcWIDTuH
8wKtwZ67Mqv7+EE/bSOvUjQrUysZZTfAYmPihKrrUGVMVZlLehlFxgXItsEl0dNg
QPBuT4gZMF1UE8ge2LVXN72nH+yugArncQezCzrrEsN1I1Xm1bNdY9Sh5aNK0grU
cFALZLL5YoacxYR2uFjlp3hRabbm0TGxoMhkJZ/Ice22V0mUcLbpnLj9D/v/JMkO
6ZzcbFJKkGisRrmk0PtxtgCt4UVdcpogjcY+WqNAMm7czUISeXVm/FFCvoCNyJgy
8qtPPqcz95k+MCFT0tLj
=mZcr
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 11 Oct 2012 07:27:15 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:43:41 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.