Package: rygel
Version: 0.14.3-2
Severity: important



> On Sun, Mar 17, 2013 at 07:12:59PM -0400, debm...@lavabit.com wrote:
> [...]
>> When starting rygel preferences a second time (without having changed
>> the preferences) the sharing option is activated.
>
> Unreproducible.

The bug is only reproducible when using rygel the first time.
When on a newly installed Debian Wheezy, go to rygel preferences.
rygel shows that sharing is disabled.
Close the rygel preferences window and start rygel preferences a second
time. Now the sharing option is shown as enabled (box is checked).
I reproduced the bug 4 times using different versions of Debian Wheezy.
Music files in the shared folders are accessible on the local network via
vlc-player.

>
>>
>> Therefore everyone starting rygel preferences for once, activates the
>> uPnP sharing function of all default folders (Music, Videos, Pictures)
>> unintentionally.
>>
>> Considering the latest events with general uPnP security issues, this
>> might be a very serious security issue which might lead to compromising
>> the system.
>
> Why would any of them apply to the rygel implementation?
> Since UPnP is basically something you should only use on a trusted local
> network, I don't really see any big problems anyway.

While using uPnP on a local trusted network is ok, everyone using Debian
Wheezy on a mobile computer is possibly at risk when using other networks
like public wlan.


>> I replicated the bug using Debian release candidate as well as even more
>> current versions. The gnome 3 fallback mode was used.
>
> Please provide detailed information on what you did, what happened,
> what you expected to happen and also include your configuration files.
>
> (please use "reportbug" tool in the future which will help you out
> with attaching useful information to the bug report. And please use
> a better subject line in the future.)

Sorry for the inconvenience, this is the first Debian bug I reported.
In case it matters, I reproduced the bug using Debian within virtualbox.
The "reporttool" results will be added.

