Bug#246093: gnome-cups-manager: This is a security issue quite easy to solve Just modifying the glade files to allow the a pp to show *** when typing your password to add a new p rinter is quite easy. A little harder is to avoid the password to be shown to the rest of the system users whe never they see the printer properties, because touchi ng the C code is necessary. I still think this is a security hole that should never have been in this appl ication. Adminstrating the system with this tool the ro ot user could easyly avoid showing the smb passwords to the rest of the users.

José L. Redrejo José L. Redrejo , 246093@bugs.debian.org
Wed, 09 Jun 2004 12:18:30 +0000 

Package: gnome-cups-manager
Version: 0.17-3
Severity: normal
Followup-For: Bug #246093


-- System Information:
Debian Release: gnulinex
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.6
Locale: LANG=es_ES@euro, LC_CTYPE=es_ES@euro (ignored: LC_ALL set to es_ES@euro)

Versions of packages gnome-cups-manager depends on:
ii  l 2.3.16-5                               Library of functions for 2D graphi
ii  l 1.6.1-2                                The ATK accessibility toolkit
ii  l 0.2.6-3                                Open-source version of SGI's audio
ii  l 2.6.0-1                                Bonobo CORBA interfaces library
ii  l 2.6.0-2                                The Bonobo UI library
ii  l 2.3.2.ds1-12                           GNU C Library: Shared libraries an
ii  l 1.1.20final+cvs20040330-3experimental1 Common UNIX Printing System(tm) - 
ii  l 0.2.29-1                               Enlightened Sound Daemon - Shared 
ii  l 1:3.3.3-6                              GCC support library
ii  l 2.6.1-1                                GNOME configuration database syste
ii  l 1.1.12-4                               LGPL Crypto library - runtime libr
ii  l 1:2.3.6-4                              Library to load .glade files at ru
ii  l 2.4.1-2                                The GLib library of C routines
ii  l 2.6.1-1                                The GNOME 2 library - runtime file
ii  l 2.6.0-4                                A powerful object-oriented display
ii  l 0.1.6-5                                GNOME library for CUPS interaction
ii  l 0.17-3                                 UI extensions to libgnomecups
ii  l 2.6.1.1-1                              The GNOME 2 libraries (User Interf
ii  l 2.6.1.1-2                              The GNOME virtual file-system libr
ii  l 2.6.1.1-2                              The GNOME virtual file-system libr
ii  l 0.8.12-5                               GNU TLS library - runtime library
ii  l 2.4.1-2                                The GTK+ graphical user interface 
ii  l 6b-9                                   The Independent JPEG Group's JPEG 
ii  l 1:2.10.0-0.1                           libraries for ORBit2 - a CORBA ORB
ii  l 1.4.0-3                                Layout and rendering of internatio
ii  l 1.7-4                                  lib for parsing cmdline parameters
ii  l 1:3.3.3-6                              The GNU Standard C++ Library v3
ii  l 0.1.2-1                                Manage ASN.1 structures (runtime)
ii  l 2.6.9-2                                GNOME XML library
ii  x 4.3.0.dfsg.1-1                         X Window System client libraries m
ii  z 1:1.2.1.1-3                            compression library - runtime

-- no debconf information