lp:~jtaylor/ubuntu/lucid/wicd/CVE-2012-2095
- Get this branch:
- bzr branch lp:~jtaylor/ubuntu/lucid/wicd/CVE-2012-2095
Branch merges
- Ubuntu Development Team: Pending requested
-
Diff: 155 lines (+118/-1)5 files modifieddebian/changelog (+19/-0)
debian/control (+2/-1)
debian/patches/23-fix_local_privilege_escalation.patch (+73/-0)
debian/patches/24-mask-sensitive-info-from-log.patch (+22/-0)
debian/patches/series (+2/-0)
Related bugs
Bug #979221: priv escalation exploit for wicd possible | Undecided | Fix Released | |
Bug #992177: wicd writes sensitive information in log files (password, passphrase...) | Undecided | Fix Released |
Related blueprints
Branch information
- Owner:
- Julian Taylor
- Status:
- Merged
Recent revisions
- 15. By Julian Taylor
-
* SECURITY UPDATE: privilege escalation (LP: #979221)
- debian/patches/ 23-fix_ local_privilege _escalation. patch:
sanitize config properties
Backported from
http://bazaar. launchpad. net/~wicd- devel/wicd/ experimental/ revision/ 767
Thanks to David Paleino <email address hidden>
- CVE-2012-2095
* SECURITY UPDATE: information leak in log files (LP: #992177)
- debian/patches/ 24-mask- sensitive- info-from- log.patch:
mask sensitive information in logs
Backported from
http://bazaar. launchpad. net/~wicd- devel/wicd/ experimental/ revision/ 682
Thanks to David Paleino <email address hidden>
- CVE-2012-0813 - 14. By David Paleino
-
Fix RC bug: daemon doesn't start anymore because copy.deepcopy()
fails with the iniparse object, coming from 20-use_iniparse. patch.
Bug 568326 reopened. (Closes: #572599) - 13. By David Paleino
-
* debian/rules:
- pass --install-layout= deb to python setup.py install
(Closes: #565536)
* debian/control:
- break circular dependency, make wicd-daemon only Recommend the
clients. (Closes: #565608) - 12. By David Paleino
-
* debian/control:
- updated my email address
- DMUA removed
* debian/config: add --quiet to adduser, don't show messages if
user is already in netdev (Closes: #556182)
* debian/patches/:
- 07-workaround_urwid_API_ change. patch added, handle API change
between python-urwid 0.9.8.4 and python-urwid 0.9.9
(Closes: #557462)
- 08-fix_help_message. patch added, fix minor issue with help
message of wicd-curses
- 09-allow_empty_DNS. patch added, one might run a local
forwarder and 127.0.0.1 wouldn't work (Closes: #552598)
- 10-order_scripts_ directories. patch added, scripts were run
in a random order (python's os.listdir())
- 11-fix_gui_showing_ from_tray. patch added, raises the GUI
also when it was trayed in an iconified state (Closes: #549625)
* debian/links removed, debian/manpages added (Closes: #557173) - 11. By David Paleino
-
* debian/po/ja.po updated (Closes: #554838)
* debian/patches/ 06-dont_ bomb_out_ on_configparser _error. patch added
(Closes: #554949) - 10. By David Paleino
-
* debian/po/ja.po added, thanks to Hideki Yamane (Closes: #546231)
* debian/control:
- remove Conflict on network-manager, since both can be used at
the same time, provided they don't try to control the same
interface (Closes: #548978)
- added dependency on dbus (Closes: #540331, #551605)
* debian/patches/ 05-use_ binsh.patch added (Closes: #549443) - 9. By Colin Watson
-
Configure with --no-install-acpi, removing acpi-support integration.
We've used pm-utils for some time now (LP: #366119). - 8. By David Paleino
-
* debian/config, debian/templates updated:
- only show users to add to netdev, skip those who are already
members (Closes: #534138)
- gracefully handle upgrades from previous broken versions, where
debconf set a value of ${default} for wicd/users
(Closes: #532112)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/wicd