[Pkg-utopia-maintainers] Bug#563371: CVE-2009-4145: information disclosure

Giuseppe Iuculano iuculano at debian.org
Sat Jan 2 11:37:30 UTC 2010


Package: network-manager-applet
Severity: important
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for network-manager-applet.

CVE-2009-4145[0]:
| nm-connection-editor in NetworkManager (NM) 0.7.x exports connection
| objects over D-Bus upon actions in the connection editor GUI, which
| allows local users to obtain sensitive information by reading D-Bus
| signals, as demonstrated by using dbus-monitor to discover the
| password for the WiFi network.

Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable and oldstable. It
does not warrant a DSA.

However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4145
    http://security-tracker.debian.org/tracker/CVE-2009-4145
[1] http://www.debian.org/doc/developers-reference/pkgs.html#upload-stable

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAks/L/YACgkQNxpp46476arPBACeNs+9eC93EMDJUxvxMdxjvnvI
wP8AoJNMHewgvBXSxUA4iIHHuWZEEoK6
=vfPq
-----END PGP SIGNATURE-----





More information about the Pkg-utopia-maintainers mailing list