Your message dated Mon, 3 Jan 2005 21:59:38 -0800
with message-id <[EMAIL PROTECTED]>
and subject line KDE 3.3.1 in sarge, closes many RC bugs
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Dec 2004 19:43:45 +0000
>From [EMAIL PROTECTED] Fri Dec 10 11:43:45 2004
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Ccqg5-0002M2-00; Fri, 10 Dec 2004 11:43:45 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 67BDE17E18
for <[EMAIL PROTECTED]>; Fri, 10 Dec 2004 19:43:45 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 72F2C6E08E; Fri, 10 Dec 2004 14:45:15 -0500 (EST)
Date: Fri, 10 Dec 2004 14:45:15 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: CAN-2004-1171: plain text password exposure
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
--zYM0uCDKw75PZbzx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: kdelibs, kdebase
Version: 3.3.2
Tags: security, patch
Severity: serious
CAN-2004-1171 is about a security hole in KDE that allows for possible
passoword leakage:
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1)
manually entered by the user or (2) created by the SMB protocol handler, =
stores
those credentials for in plaintext in the user's .desktop file, which may=
be
created with world-readable permissions, which could allow local users to
obtain usernames and passwords for remote resources such as SMB shares.
Note that this will need to be fixed in both the version in unstable
and the older version in testing via t-p-u. This page has details of the
hole and links to patches for all recent versions of KDE:
http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D110261063201488&w=3D2
--=20
see shy jo
--zYM0uCDKw75PZbzx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBufzKd8HHehbQuO8RAsdTAKDBGhtjlJgCmuToYgD+VvEgyGqaHACgupI0
tHTYFM4JJq9i7f6z2g39Jpc=
=usXq
-----END PGP SIGNATURE-----
--zYM0uCDKw75PZbzx--
---------------------------------------
Received: (at 285126-done) by bugs.debian.org; 4 Jan 2005 05:59:38 +0000
>From [EMAIL PROTECTED] Mon Jan 03 21:59:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain)
[66.93.39.86]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1ClhjG-0002gy-00; Mon, 03 Jan 2005 21:59:38 -0800
Received: by localhost.localdomain (Postfix, from userid 1000)
id C24BD1720C5; Mon, 3 Jan 2005 21:59:38 -0800 (PST)
Date: Mon, 3 Jan 2005 21:59:38 -0800
From: Steve Langasek <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Cc: debian-release@lists.debian.org
Subject: KDE 3.3.1 in sarge, closes many RC bugs
Message-ID: <[EMAIL PROTECTED]>
Mail-Followup-To: [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
debian-release@lists.debian.org
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="m1UC1K4AOz1Ywdkx"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 12
--m1UC1K4AOz1Ywdkx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
tags 285126 -sarge
tags 271256 -sarge
tags 285126 -sarge
tags 252670 -sarge
tags 278173 +sid
tags 253701 -sarge
tags 247243 -sarge
thanks
KDE 3.3 has been accepted into testing and should be visible from the
mirrors starting tomorrow. I believe all of these RC bugs can therefore be
closed.
Many thanks to the KDE team for their efforts in making this happen, and to
Anthony Towns for handholding britney through the transition.
--=20
Steve Langasek
postmodern programmer
--m1UC1K4AOz1Ywdkx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB2jDGKN6ufymYLloRAvK1AKCt069o1WpYMZLD2v/FBkFDeD+9HQCfclW7
9IlwTEOC5hGQTBoHmwTUHYQ=
=GV3v
-----END PGP SIGNATURE-----
--m1UC1K4AOz1Ywdkx--
