Bug#652417: marked as done (wicd writes sensitive information in log files (password, passphrase...))

Sat, 21 Jan 2012 02:51:31 -0800 

Your message dated Sat, 21 Jan 2012 10:49:37 +0000
with message-id <[email protected]>
and subject line Bug#652417: fixed in wicd 1.7.1~b3-4
has caused the Debian Bug report #652417,
regarding wicd writes sensitive information in log files (password, 
passphrase...)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
652417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: wicd
Version: 1.7.1~b3-3
Severity: grave
Tags: security
Justification: user security hole

wicd writes sensitive information in log files (under /var/log/wicd),
such as passwords and passphrases. Users in the adm group can have
access to them, but also log files are meant to be sent in bug
reports, and if the bug reporter doesn't pay attention, there is
a huge risk to transmit such information.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wicd depends on:
ii  wicd-daemon             1.7.1~b3-3
ii  wicd-gtk [wicd-client]  1.7.1~b3-3

wicd recommends no packages.

wicd suggests no packages.

Versions of packages wicd-gtk depends on:
ii  python         2.7.2-9
ii  python-glade2  2.24.0-2
ii  python-gtk2    2.24.0-2
ii  wicd-daemon    1.7.1~b3-3

Versions of packages wicd-gtk recommends:
ii  gksu           2.0.2-6
ii  python-notify  0.1.1-3

Versions of packages wicd-daemon depends on:
ii  adduser                         3.113
ii  dbus                            1.4.16-1
ii  debconf                         1.5.41
ii  ethtool                         1:3.1-1
ii  iproute                         20111117-1
ii  iputils-ping                    3:20101006-1+b1
ii  isc-dhcp-client [dhcp3-client]  4.1.1-P1-17
ii  lsb-base                        3.2-28
ii  net-tools                       1.60-24.1
ii  psmisc                          22.14-1
ii  python                          2.7.2-9
ii  python-dbus                     0.84.0-2
ii  python-gobject                  3.0.3-1
ii  python-wicd                     1.7.1~b3-3
ii  wireless-tools                  30~pre9-7
ii  wpasupplicant                   0.7.3-5

Versions of packages wicd-daemon recommends:
ii  wicd-gtk [wicd-client]  1.7.1~b3-3

Versions of packages wicd-daemon suggests:
ii  pm-utils  1.4.1-8

Versions of packages python-wicd depends on:
ii  python     2.7.2-9
ii  python2.6  2.6.7-4
ii  python2.7  2.7.2-8

-- debconf information:
* wicd/users: vinc17
* wicd/users: vinc17

--- End Message ---
--- Begin Message --- 
Source: wicd
Source-Version: 1.7.1~b3-4

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.1~b3-4_all.deb
  to main/w/wicd/python-wicd_1.7.1~b3-4_all.deb
wicd-cli_1.7.1~b3-4_all.deb
  to main/w/wicd/wicd-cli_1.7.1~b3-4_all.deb
wicd-curses_1.7.1~b3-4_all.deb
  to main/w/wicd/wicd-curses_1.7.1~b3-4_all.deb
wicd-daemon_1.7.1~b3-4_all.deb
  to main/w/wicd/wicd-daemon_1.7.1~b3-4_all.deb
wicd-gtk_1.7.1~b3-4_all.deb
  to main/w/wicd/wicd-gtk_1.7.1~b3-4_all.deb
wicd_1.7.1~b3-4.debian.tar.gz
  to main/w/wicd/wicd_1.7.1~b3-4.debian.tar.gz
wicd_1.7.1~b3-4.dsc
  to main/w/wicd/wicd_1.7.1~b3-4.dsc
wicd_1.7.1~b3-4_all.deb
  to main/w/wicd/wicd_1.7.1~b3-4_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <[email protected]> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Jan 2012 11:24:53 +0100
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.1~b3-4
Distribution: unstable
Urgency: low
Maintainer: David Paleino <[email protected]>
Changed-By: David Paleino <[email protected]>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable console client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 652417 655159 655994
Changes: 
 wicd (1.7.1~b3-4) unstable; urgency=low
 .
   * Fix translations even more (Closes: #655994)
   * Hopefully fixed bug with ESSIDs containing '\x00' (Closes: #655159)
   * Mask out sensitive info in logfiles (Closes: #652417)
Checksums-Sha1: 
 b0f5b879143c017946d62e932f0267b55713c8c7 1447 wicd_1.7.1~b3-4.dsc
 9caefc1e30062c31e30eab84fba9b4d708e7cc1d 199824 wicd_1.7.1~b3-4.debian.tar.gz
 77a597250bf3bc17cffcd3f195a1e54232be99e6 14588 wicd_1.7.1~b3-4_all.deb
 1ba63abfd82879804484a7db2466f46a13533177 246292 wicd-daemon_1.7.1~b3-4_all.deb
 6a35d6bca63ea88ae0b8ce5bb675bdec88481df4 116430 wicd-gtk_1.7.1~b3-4_all.deb
 11f3dbb2439dc874b44e2ba65383a6cd32e51fbb 43992 wicd-curses_1.7.1~b3-4_all.deb
 ba20b5d3b8e8de333dd8fa39d0217f83a20893f7 17728 wicd-cli_1.7.1~b3-4_all.deb
 4f13919b59e5e25a42269550883d3225ae73b853 49548 python-wicd_1.7.1~b3-4_all.deb
Checksums-Sha256: 
 a66a7b6768a14d636df61928c4ab7ee5b407c857e5cce2f152c8fd34025a8507 1447 
wicd_1.7.1~b3-4.dsc
 b61f78f775a8290a3adecd637a9319cd5f7307f9bb41ff06367128be5408e00e 199824 
wicd_1.7.1~b3-4.debian.tar.gz
 45ea9a355791076d82229ee9e3e70c46a321107419c532b70b9ac094bef093d1 14588 
wicd_1.7.1~b3-4_all.deb
 e7686a6fef7edfd3dc893a3d25b35e80da82b588c579edb612cda4bc219380c7 246292 
wicd-daemon_1.7.1~b3-4_all.deb
 235457b5a692650b852c048c93b2809fc1e74dc1527912c17e631aad0096a9b8 116430 
wicd-gtk_1.7.1~b3-4_all.deb
 7393d3936b5f42cfa2bf76fdff6beaf56c8cd67d7f7ba19070c26ba918adf946 43992 
wicd-curses_1.7.1~b3-4_all.deb
 276015c87aee40eb285e2209cb0182ff4c2bdbd564edc5a34a391d8d6a8da13a 17728 
wicd-cli_1.7.1~b3-4_all.deb
 ba7cfaf33cc2a4d70b23c6e457abdee12680c7aa6e62e240eec2ec77e0540acd 49548 
python-wicd_1.7.1~b3-4_all.deb
Files: 
 ec894342abffd34466b9a74cf447a7a5 1447 net optional wicd_1.7.1~b3-4.dsc
 7f471be2852c8f555f1a43db4ae72ed5 199824 net optional 
wicd_1.7.1~b3-4.debian.tar.gz
 b05eec44cba87e2217d387c178b4709e 14588 net optional wicd_1.7.1~b3-4_all.deb
 998d016f037a69950a7e4b6adb1e59bc 246292 net optional 
wicd-daemon_1.7.1~b3-4_all.deb
 55a16ab77c192f3d27de774cf0b3a56f 116430 net optional 
wicd-gtk_1.7.1~b3-4_all.deb
 c2bd77dfb0a16d83693c34a57b94caf0 43992 net optional 
wicd-curses_1.7.1~b3-4_all.deb
 ecc22820346c963def0b95950c779339 17728 net optional wicd-cli_1.7.1~b3-4_all.deb
 5c8fec2bbc8110ae4b514e5fec99eed7 49548 python optional 
python-wicd_1.7.1~b3-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8alKMACgkQ5qqQFxOSsXSiWQCgrXYu9EE6XTkf3hKFoFvWC3g1
CzkAniJXFhV+ItHYdQ2KAJ5NezswS7cf
=Uq2z
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to