Your message dated Mon, 3 Jan 2005 21:59:38 -0800 with message-id <[EMAIL PROTECTED]> and subject line KDE 3.3.1 in sarge, closes many RC bugs has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 10 Dec 2004 19:43:45 +0000 >From [EMAIL PROTECTED] Fri Dec 10 11:43:45 2004 Return-path: <[EMAIL PROTECTED]> Received: from kitenet.net [64.62.161.42] (postfix) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Ccqg5-0002M2-00; Fri, 10 Dec 2004 11:43:45 -0800 Received: from dragon.kitenet.net (unknown [66.168.94.144]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK)) by kitenet.net (Postfix) with ESMTP id 67BDE17E18 for <[EMAIL PROTECTED]>; Fri, 10 Dec 2004 19:43:45 +0000 (GMT) Received: by dragon.kitenet.net (Postfix, from userid 1000) id 72F2C6E08E; Fri, 10 Dec 2004 14:45:15 -0500 (EST) Date: Fri, 10 Dec 2004 14:45:15 -0500 From: Joey Hess <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: CAN-2004-1171: plain text password exposure Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="zYM0uCDKw75PZbzx" Content-Disposition: inline User-Agent: Mutt/1.5.6+20040907i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: --zYM0uCDKw75PZbzx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: kdelibs, kdebase Version: 3.3.2 Tags: security, patch Severity: serious CAN-2004-1171 is about a security hole in KDE that allows for possible passoword leakage: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, = stores those credentials for in plaintext in the user's .desktop file, which may= be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. Note that this will need to be fixed in both the version in unstable and the older version in testing via t-p-u. This page has details of the hole and links to patches for all recent versions of KDE: http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D110261063201488&w=3D2 --=20 see shy jo --zYM0uCDKw75PZbzx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBufzKd8HHehbQuO8RAsdTAKDBGhtjlJgCmuToYgD+VvEgyGqaHACgupI0 tHTYFM4JJq9i7f6z2g39Jpc= =usXq -----END PGP SIGNATURE----- --zYM0uCDKw75PZbzx-- --------------------------------------- Received: (at 285126-done) by bugs.debian.org; 4 Jan 2005 05:59:38 +0000 >From [EMAIL PROTECTED] Mon Jan 03 21:59:38 2005 Return-path: <[EMAIL PROTECTED]> Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain) [66.93.39.86] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1ClhjG-0002gy-00; Mon, 03 Jan 2005 21:59:38 -0800 Received: by localhost.localdomain (Postfix, from userid 1000) id C24BD1720C5; Mon, 3 Jan 2005 21:59:38 -0800 (PST) Date: Mon, 3 Jan 2005 21:59:38 -0800 From: Steve Langasek <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: debian-release@lists.debian.org Subject: KDE 3.3.1 in sarge, closes many RC bugs Message-ID: <[EMAIL PROTECTED]> Mail-Followup-To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], debian-release@lists.debian.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="m1UC1K4AOz1Ywdkx" Content-Disposition: inline User-Agent: Mutt/1.5.6+20040907i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 12 --m1UC1K4AOz1Ywdkx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable tags 285126 -sarge tags 271256 -sarge tags 285126 -sarge tags 252670 -sarge tags 278173 +sid tags 253701 -sarge tags 247243 -sarge thanks KDE 3.3 has been accepted into testing and should be visible from the mirrors starting tomorrow. I believe all of these RC bugs can therefore be closed. Many thanks to the KDE team for their efforts in making this happen, and to Anthony Towns for handholding britney through the transition. --=20 Steve Langasek postmodern programmer --m1UC1K4AOz1Ywdkx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFB2jDGKN6ufymYLloRAvK1AKCt069o1WpYMZLD2v/FBkFDeD+9HQCfclW7 9IlwTEOC5hGQTBoHmwTUHYQ= =GV3v -----END PGP SIGNATURE----- --m1UC1K4AOz1Ywdkx--