On Sunday, March 17, 2013 7:20:01 PM UTC-4, deb...@lavabit.com wrote: > Package: rygel > > Version: 0.14.3-2 > > Severity: important > > > > > > Dear Maintainer, > > > > > > The current version of rygel which is part of Debian Wheezy contains a > > possibly security issue: > > > > When starting rygel preferences a second time (without having changed the > > preferences) the sharing option is activated. > > > > Therefore everyone starting rygel preferences for once, activates the uPnP > > sharing function of all default folders (Music, Videos, Pictures) > > unintentionally. > > > > Considering the latest events with general uPnP security issues, this > > might be a very serious security issue with might lead to compromising the > > system. > > > > > > I replicated the bug using Debian release candidate as well as even more > > current versions. The gnome 3 fallback mode was used. > > > > greetings > > > > > > -- > > To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org > > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Package: rygel Version: 0.14.3 I was able to reproduce this bug (once). I'm using wheezy (kernel: 3.2.0-4-amd64; libc: 2.13-38). The bug occurs on Rygel ( 0.14.3) installed from the wheezy repos. On the first launch of rygel-preferences (used to adjust folders to be shared) the checkbox for "Share media through DLNA" in unchecked. If you click nothing but "Close" and repoen rygel-preferences the checkbox has been enabled and as a result so is file sharing. I expect the program to remember the state of the checkbox and not automatically enable on closing the window. If you uncheck (disable sharing) the box and close the window again and reopen it remembers that the checkbox was not checked. The error only appears to happen the first time you launch rygel-preferences as suggested by the OP. -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rygel depends on: ii libc6 2.13-38 ii libgee2 0.6.4-2 ii libglib2.0-0 2.33.12+really2.32.4-5 ii libgssdp-1.0-3 0.12.1-2 ii libgstreamer-plugins-base0.10-0 0.10.36-1.1 ii libgstreamer0.10-0 0.10.36-1.1 ii libgupnp-1.0-4 0.18.3-1 ii libgupnp-av-1.0-2 0.10.2-1 ii libgupnp-dlna-1.0-2 0.6.6-1 ii libsoup2.4-1 2.38.1-2 ii libsqlite3-0 3.7.13-1 ii libunistring0 0.9.3-5 ii libuuid1 2.20.1-5.3 ii libxml2 2.8.0+dfsg1-7+nmu1 Versions of packages rygel recommends: ii gstreamer0.10-ffmpeg 0.10.13-5 ii gstreamer0.10-plugins-base 0.10.36-1.1 ii gstreamer0.10-plugins-ugly 0.10.19-2+b2 Versions of packages rygel suggests: pn rygel-mediathek <none> ii rygel-playbin 0.14.3-2 ii rygel-preferences 0.14.3-2 ii rygel-tracker 0.14.3-2 pn tumbler <none> Thanks, Mike O -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
