Bug#820342: marked as done (gpa send public key to server despite the refusal of the user)

Sat, 16 Apr 2016 14:52:16 -0700 

Your message dated Sat, 16 Apr 2016 21:47:49 +0000
with message-id <e1ary4d-0000go...@franck.debian.org>
and subject line Bug#820342: fixed in gpa 0.9.5-2+deb8u1
has caused the Debian Bug report #820342,
regarding gpa send public key to server despite the refusal of the user
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
820342: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820342
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: gpa
Version: 0.9.5-2
Severity: grave
Tags: security
Justification: user security hole

In the Server menu, Send keys. A dialogue box is displaying which asks 
"Are you sure you want to distribute this key?" If I click on the cross 
(x) to close this box, so it is the same as to click on Yes, the key is 
even though sent to the server. It is not the choice of the user. It is 
not conform with standards of the GUIs in Debian or in other OS.

It is a security issue by leak of data after an unwitting action of the 
user.

It should sent the key to the server only when the user click on Yes. 
Else if the user click on the cross or on No, nothing should be sent to 
the server


-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gpa depends on:
ii  gnupg2               2.0.26-6
ii  gpgsm                2.0.26-6
ii  libassuan0           2.1.2-2
ii  libatk1.0-0          2.14.0-1
ii  libc6                2.19-18+deb8u4
ii  libcairo2            1.14.0-2.1+deb8u1
ii  libfontconfig1       2.11.0-6.3
ii  libfreetype6         2.5.2-3+deb8u1
ii  libgdk-pixbuf2.0-0   2.31.1-2+deb8u4
ii  libglib2.0-0         2.42.1-1+b1
ii  libgpg-error0        1.17-3
ii  libgpgme11           1.5.1-6
ii  libgtk2.0-0          2.24.25-3+deb8u1
ii  libpango-1.0-0       1.36.8-3
ii  libpangocairo-1.0-0  1.36.8-3
ii  libpangoft2-1.0-0    1.36.8-3
ii  zlib1g               1:1.2.8.dfsg-2+b1

gpa recommends no packages.

gpa suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: gpa
Source-Version: 0.9.5-2+deb8u1

We believe that the bug you reported is fixed in the latest version of
gpa, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 820...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Rönnquist <gus...@debian.org> (supplier of updated gpa package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 08 Apr 2016 21:25:19 +0200
Source: gpa
Binary: gpa
Architecture: source amd64
Version: 0.9.5-2+deb8u1
Distribution: jessie
Urgency: high
Maintainer: Debian GnuPG-Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Andreas Rönnquist <gus...@debian.org>
Description:
 gpa        - GNU Privacy Assistant (GPA)
Closes: 820342
Changes:
 gpa (0.9.5-2+deb8u1) jessie; urgency=high
 .
   * Add patch fixing checks of dialog return values (Closes: #820342)
Checksums-Sha1:
 a21a89872383fdeb256aad7a3e070a371e81d45a 2091 gpa_0.9.5-2+deb8u1.dsc
 9292346fb85ac414b10a2a17781604bd9de0ac4d 9044 gpa_0.9.5-2+deb8u1.debian.tar.xz
 8a29fee67660c316a15691737e0bc37ccd76f7b9 271758 gpa_0.9.5-2+deb8u1_amd64.deb
Checksums-Sha256:
 4130a1026f260f2e8949a63ecf54c6c9ac0acc5e51de119d7045bb65f9a16494 2091 
gpa_0.9.5-2+deb8u1.dsc
 e97612cc49bba5ea1d9b9a01e2ea655dea56939bc46675620e2ffca2eca7998c 9044 
gpa_0.9.5-2+deb8u1.debian.tar.xz
 9d4b2f0e25e88c9e036d00cc3cd53fbb42db4abd09165b9e87142eace140270c 271758 
gpa_0.9.5-2+deb8u1_amd64.deb
Files:
 55f800e86371835e77b3b7b55c6b3385 2091 utils optional gpa_0.9.5-2+deb8u1.dsc
 e6aca6ef470905f870ee52100156aad5 9044 utils optional 
gpa_0.9.5-2+deb8u1.debian.tar.xz
 4cd8b6dac00a512ca40ea714752737ae 271758 utils optional 
gpa_0.9.5-2+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXDxpoAAoJEBlLYxqy2iiI2zYP/iIQtLBGzqA+6W6JgYsuR0Ku
hBGmlOdYjaXLtHJa4juzKCOK8bH+iuLxuKBWEXbX+cmmaqlo7jZYyJ5rwdm9jtQM
95EDNj2h8H9vgAkPeQzhLOspqrlGryHfu6jdXMbpjYRbBCSOI5CvYjfijvWt1JD6
LqXo9RL08KF48RD18bXDy/ZKHPo/oH8PbT31BJCgC6BuCgQTk6f/rGZN7aLRbw/a
fCaEwIfb9nVp1Zp506l0SswbhQD4EBJe/HaWUp4RP9kD8p0Vuywlk1Rh44rkJcVl
8haouFmdlprYB/7M68UqLCjPEclgZmAf7hRskKIEEzd9zfCyj70UY0nBl3kOYzQN
JnXOhVEKZLav+/zVrUqdG3SKIAzQzTPDBj/vhBZ0jc9cnikQYF/QlgOmoByxEhg8
Stoq083/SxrfFk6ZntKzBvAwf0prMHcETWiURfJWson33v9Dar7EKagIYaYwf1tK
uDucEBHMlpjGoxhyEtod4JcuPZjEz6OU8ybV5iJBDWS0F9kYAYGCn1hKzYqlRkkp
VbFX2Hd05trloWh9fbduf4qYH/vs25F4yZNdEH1PJgkh6PmTXkQ2cYWy33DY756e
B4Ds2KcA5iodlgl/OM+tDvUIMXFlXv+HfREsHpGr/DoF953yvCiNRfzTaUc/dGhg
LM244w72g8WQ/ZJKI99r
=amKP
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to