Your message dated Sun, 11 Jan 2026 00:04:32 +0000
with message-id <[email protected]>
and subject line Bug#1125034: fixed in network-manager-l2tp 1.52.0-1
has caused the Debian Bug report #1125034,
regarding Verify file permissions for private connections (CVE-2025-9615)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125034: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125034
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-l2tp
Version: 1.20.20-2
Severity: important
User: [email protected]
Usertags: CVE-2025-9615
Hi,
the network-manager package was subject to a security issue related to
insecure access to user certificates. See [0] for more details.
This was fixed in [1] and now all VPN plugins need to declare that they
support the new, safe interface.
See [2] for further details and [3] for a similar change that was done
for network-manager-openvpn.
The network-manager 1.54.x package in unstable/testing has been updated
to provide safe APIs for user certificate file access.
For now the usage of those safe APIs is optional but will become
mandatory in network-manager 1.56.
At which point this bug report will become RC as network-manager will
refuse to load VPN plugins without
"supports-safe-private-file-access=true".
Regards,
Michael
[0] https://security-tracker.debian.org/tracker/CVE-2025-9615
[1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2324
[2] https://lists.freedesktop.org/archives/networkmanager/2025-December/000468.html
[3] https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/ca18fa91e1446543b48a463fb72a4de6a8716aa9
--- End Message ---
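
An audit sketch for the declaration discussed in the report above, added here as an example and not taken from the thread, NetworkManager, or the plugin: it lists which installed VPN plugin descriptors set "supports-safe-private-file-access=true". The descriptor directories, the `*.name` file pattern, the `[VPN Connection]` group in the samples and the sample descriptors themselves are assumptions; the key is accepted in any group.

```python
import sys
from pathlib import Path

KEY = "supports-safe-private-file-access"  # key quoted in the bug report
# Assumed descriptor directories; pass the real ones as arguments.
DEFAULT_DIRS = ("/usr/lib/NetworkManager/VPN", "/etc/NetworkManager/VPN")

def parse_keyfile(text):
    """Parse key-file text into {(group, key): value}; '#' lines are comments."""
    entries, group = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif "=" in line and group is not None:
            key, value = line.split("=", 1)
            entries[(group, key.strip())] = value.strip()
    return entries

def declares_safe_access(text):
    """True only when the key is present in some group and set to 'true'."""
    return any(key == KEY and value == "true"
               for (_, key), value in parse_keyfile(text).items())

def audit(dirs=DEFAULT_DIRS):
    """Return {descriptor path: bool} for every *.name file in dirs."""
    report = {}
    for d in map(Path, dirs):
        if d.is_dir():
            for path in sorted(d.glob("*.name")):
                text = path.read_text(errors="replace")
                report[str(path)] = declares_safe_access(text)
    return report

# Constructed sample descriptors, not copied from any package.
SAMPLE_DECLARED = "[VPN Connection]\nname=demo\nsupports-safe-private-file-access=true\n"
SAMPLE_MISSING = "[VPN Connection]\nname=demo\n"
SAMPLE_COMMENTED = "[VPN Connection]\nname=demo\n#supports-safe-private-file-access=true\n"

if __name__ == "__main__":
    report = audit(sys.argv[1:] or DEFAULT_DIRS)
    for path, ok in report.items():
        print(("ok      " if ok else "MISSING ") + path)
    sys.exit(1 if not all(report.values()) else 0)
```

The script exits non-zero when any descriptor lacks the declaration, so it can gate an upgrade to a network-manager version that enforces it.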
--- Begin Message ---
Source: network-manager-l2tp
Source-Version: 1.52.0-1
Done: Douglas Kosovic <[email protected]>
We believe that the bug you reported is fixed in the latest version of
network-manager-l2tp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Douglas Kosovic <[email protected]> (supplier of updated network-manager-l2tp
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 11 Jan 2026 09:34:00 +1000
Source: network-manager-l2tp
Architecture: source
Version: 1.52.0-1
Distribution: unstable
Urgency: medium
Maintainer: Douglas Kosovic <[email protected]>
Changed-By: Douglas Kosovic <[email protected]>
Closes: 1125034
Changes:
network-manager-l2tp (1.52.0-1) unstable; urgency=medium
.
* New upstream version 1.52.0 (Closes: #1125034)
Verify file permissions for private connections to prevent unprivileged
user from using other user's certs (CVE-2025-9615)
* Bump minimum required version of network-manager to 1.54.3
This ensures we have a fix for CVE-2025-9615.
* Bump Standards-Version to 4.7.3
* Drop Priority and Rules-Requires-Root fields
* Update debian/copyright
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---