Your message dated Thu, 28 Jul 2005 12:32:19 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#317703: fixed in xsupplicant 1.0.1-5
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Jul 2005 20:08:01 +0000
>From [EMAIL PROTECTED] Sun Jul 10 13:08:01 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp-1.hut.fi [130.233.228.91]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Dri5o-0000Dr-00; Sun, 10 Jul 2005 13:08:01 -0700
Received: from localhost (katosiko.hut.fi [130.233.228.115])
by smtp-1.hut.fi (8.12.10/8.12.10) with ESMTP id j6AK7Tik026782
for <[EMAIL PROTECTED]>; Sun, 10 Jul 2005 23:07:29 +0300
Received: from smtp-1.hut.fi ([130.233.228.91])
by localhost (katosiko.hut.fi [130.233.228.115]) (amavisd-new, port 10024)
with LMTP id 29625-70 for <[EMAIL PROTECTED]>;
Sun, 10 Jul 2005 23:07:28 +0300 (EEST)
Received: from dhcp-5-197.debconf5.net (a130-233-5-197.debconf5.hut.fi
[130.233.5.197])
by smtp-1.hut.fi (8.12.10/8.12.10) with ESMTP id j6AK2PkU026051
for <[EMAIL PROTECTED]>; Sun, 10 Jul 2005 23:02:25 +0300
From: Frans Pop <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: xsupplicant: Should not write username/password info to log file
Date: Sun, 10 Jul 2005 22:03:05 +0200
User-Agent: KMail/1.7.2
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
X-TKK-Virus-Scanned: by amavisd-new-2.1.2-hutcc at katosiko.hut.fi
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: xsupplicant
Version: 1.0.1-4
Severity: grave
Tags: security
Justification: user security hole
When xsupplicant is started on boot, my wireless card is not "up".
In that situation, xsupplicant happily dumps configuration settings,
including username/password settings, to /var/log/xsupplicant.log.
For the same reason it is probably not a good idea that the default
/etc/xsupplicant/xsupplicant.conf is created world-readable.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-16.0505-1
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages xsupplicant depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
---------------------------------------
Received: (at 317703-close) by bugs.debian.org; 28 Jul 2005 19:37:22 +0000
>From [EMAIL PROTECTED] Thu Jul 28 12:37:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1DyE79-0003IF-00; Thu, 28 Jul 2005 12:32:19 -0700
From: Eric Evans <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#317703: fixed in xsupplicant 1.0.1-5
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 28 Jul 2005 12:32:19 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: xsupplicant
Source-Version: 1.0.1-5
We believe that the bug you reported is fixed in the latest version of
xsupplicant, which is due to be installed in the Debian FTP archive:
xsupplicant_1.0.1-5.diff.gz
to pool/main/x/xsupplicant/xsupplicant_1.0.1-5.diff.gz
xsupplicant_1.0.1-5.dsc
to pool/main/x/xsupplicant/xsupplicant_1.0.1-5.dsc
xsupplicant_1.0.1-5_i386.deb
to pool/main/x/xsupplicant/xsupplicant_1.0.1-5_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Eric Evans <[EMAIL PROTECTED]> (supplier of updated xsupplicant package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 12 Jul 2005 21:07:04 +0300
Source: xsupplicant
Binary: xsupplicant
Architecture: source i386
Version: 1.0.1-5
Distribution: unstable
Urgency: low
Maintainer: Eric Evans <[EMAIL PROTECTED]>
Changed-By: Eric Evans <[EMAIL PROTECTED]>
Description:
xsupplicant - 802.1x supplicant (client)
Closes: 309570 317703
Changes:
xsupplicant (1.0.1-5) unstable; urgency=low
.
* Patched to suppress the printing of passwords in debug output,
(Closes: #317703). Resolves CAN-2005-2437.
* Ensure that xsupplicant.conf is not world readable.
* Corrected copyright to reflect dual-licensing, (Closes: #309570).
Files:
44373375c479efe795951f9c81b933bb 749 net optional xsupplicant_1.0.1-5.dsc
976c47e3ede3884789048ada1777c43b 11156 net optional xsupplicant_1.0.1-5.diff.gz
8c2a5eb42d880d2398d5825e38a10bda 310836 net optional
xsupplicant_1.0.1-5_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC6SaS+DWPovKDPJMRAvPQAJ9Ox7olo95CFSzYc1oxng2HLCKs7gCfSIu6
AIIPNaJCHp3dlm96t58I1+g=
=YMxQ
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
