[Pkg-utopia-maintainers] Bug#628730: network-manager-openvpn logs password
Thijs Kinkhorst
thijs at debian.org
Tue May 31 19:27:29 UTC 2011
Package: network-manager-openvpn
Severity: important
Tags: security
Hi,
The following issue has been reported to Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=708876
> Password to unlock certificate is logged to /var/log/messages
>
> May 29 19:46:42 localhost NetworkManager[4791]: destroy_one_secret:
> destroying ********
>
> Version-Release number of selected component (if applicable):
>
> NetworkManager-openvpn-0.8.999-1.fc15.x86_64
Can you please verify if Debian is affected and if so upload fixed packages?
Please reference CVE-2011-1943 in your changelog entry when you fix this
issue.
Thanks,
Thijs
More information about the Pkg-utopia-maintainers
mailing list