| Summary: | <net-misc/wicd-1.7.1_pre20120127 writes sensitive information in log files (CVE-2012-0813) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | c1pher, tomka |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2012/01/26/13 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 411729 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2012-01-27 09:32:55 UTC
Bumped to a recent snapshot including the patch:

+*wicd-1.7.1_pre20120127 (27 Jan 2012) + + 27 Jan 2012; Thomas Kahle <tomka@gentoo.org> +wicd-1.7.1_pre20120127.ebuild: + bump to fix bug 401005

Shall we stable this one?

(In reply to comment #1)
> Shall we stable this one?

Sure.

Arches, please test and mark stable: =net-misc/wicd-1.7.1_pre20120127 Target keywords : "amd64 ppc ppc64 x86"

x86: is ok

amd64 stable

x86 stable

ppc done

@ppc64 no need to spend your time to stabilize a vulnerable version. You will continue in bug 411729

GLSA vote: yes.

GLSA vote: yes. Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201206-08 at http://security.gentoo.org/glsa/glsa-201206-08.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-0813 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0813): Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.