jtaylor's branches look good. Packages are building and should be
released soon.
** Changed in: wicd (Ubuntu Lucid)
Status: New => Confirmed
** Changed in: wicd (Ubuntu Natty)
Status: New => Confirmed
** Changed in: wicd (Ubuntu Oneiric)
Status: New => Confirmed
** Changed
This bug was fixed in the package wicd - 1.7.0+ds1-6ubuntu0.11.10.1
---
wicd (1.7.0+ds1-6ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: local privilege escalation (LP: #979221)
    - debian/patches/36-fix_local_privilege_escalation.patch: sanitize
      config
This bug was fixed in the package wicd - 1.7.2.3-1ubuntu0.1
---
wicd (1.7.2.3-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: local privilege escalation (LP: #979221)
    - debian/patches/33-fix_local_privilege_escalation.patch: sanitize
      config properties. Thanks
This bug was fixed in the package wicd - 1.7.0+ds1-6ubuntu0.11.04.1
---
wicd (1.7.0+ds1-6ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: local privilege escalation (LP: #979221)
    - debian/patches/36-fix_local_privilege_escalation.patch: sanitize
      config
This bug was fixed in the package wicd - 1.7.0+ds1-2ubuntu0.1
---
wicd (1.7.0+ds1-2ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: local privilege escalation (LP: #979221)
    - debian/patches/23-fix_local_privilege_escalation.patch: sanitize
      config properties.
This bug was fixed in the package wicd - 1.7.2.4-1
---
wicd (1.7.2.4-1) unstable; urgency=high

  * New upstream version
    - really fix local privilege escalation, CVE-2012-2095 (Closes: #668397)
  * Fixed typo in previous changelog entry

 -- David Paleino da...@debian.org Mon, 30
the patch still works like a charm in precise, no wonder it does nothing useful.
exploit lines still pass the criteria and are inserted into the file without
any sanitation.
reopening, please sanitize the input properly
** Changed in: wicd (Ubuntu)
Status: Fix Released => Confirmed
--
as pointed out to me by mdeslaur it was reintroduced in revision 758
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/758
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/979221
Title:
Please explain better.
That revision really fixes it in a more general way: without =, spaces
or newlines, you can't do much harm. Sure, you can write arbitrary
values in the config file, but still nothing that would get executed.
** Changed in: wicd
Milestone: 1.7.2 => 1.7.2.4
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/979221
Title:
priv escalation exploit for wicd possible
To manage notifications about this bug go
** Branch linked: lp:~jtaylor/ubuntu/precise/wicd/CVE-2012-2095
** Branch linked: lp:~jtaylor/ubuntu/oneiric/wicd/CVE-2012-2095
** Branch linked: lp:~jtaylor/ubuntu/natty/wicd/CVE-2012-2095
** Branch linked: lp:~jtaylor/ubuntu/lucid/wicd/CVE-2012-2095
** Also affects: wicd (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: wicd (Ubuntu Natty)
Importance: Undecided
Status: New
** Also affects: wicd (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: wicd (Ubuntu Oneiric)
12.04 has 1.7.2.1-1, which should be fixed. Stable releases will need a
patch.
** Changed in: wicd (Ubuntu)
Status: Triaged => Fix Released
** Changed in: wicd (Debian)
Status: New => Fix Released
** Package changed: ubuntu => wicd (Ubuntu)
** Changed in: wicd
Status: Fix Committed => Fix Released
** Visibility changed to: Public