Bug#246093: marked as done (Samba passwords are shown in plain text)

Debian Bug Tracking System owner@bugs.debian.org
Thu, 10 Jun 2004 08:18:10 -0700


Your message dated Thu, 10 Jun 2004 11:02:08 -0400
with message-id <E1BYR4C-0008Ey-00@newraff.debian.org>
and subject line Bug#246093: fixed in gnome-cups-manager 0.18-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Apr 2004 07:20:34 +0000
>From root@itais.net Tue Apr 27 00:20:33 2004
Return-path: <root@itais.net>
Received: from 126.red-80-25-94.pooles.rima-tde.net (portatiljl.itais.net) [80.25.94.126] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BIMtN-0000Q1-00; Tue, 27 Apr 2004 00:20:33 -0700
Received: from root by portatiljl.itais.net with local (Exim 3.35 #1 (Debian))
	id 1BIMtG-0002eq-00; Tue, 27 Apr 2004 09:20:26 +0200
From: root <root@itais.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Samba passwords are shown in plain text
X-Mailer: reportbug 1.50
Date: Tue, 27 Apr 2004 09:20:26 +0200
Message-Id: <E1BIMtG-0002eq-00@portatiljl.itais.net>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 1

Package: gnome-cups-manager
Version: 0.17-2linex
Severity: critical
Tags: security
Justification: root security hole

When adding samba printers you see the samba password when typing it and later.
Whenever any system user sees this kind of printer properties, he can see the samba password in plain text.

-- System Information
Debian Release: gnulinex
Architecture: i386
Kernel: Linux portatiljl.itais.net 2.6.4 #2 Tue Mar 23 01:06:50 CET 2004 i686
Locale: LANG=spanish, LC_CTYPE=es_ES

Versions of packages gnome-cups-manager depends on:
ii  bonobo-ac 1:2.2.2-1woody1                Bonobo Activation Framework
ii  libart-2. 2.3.11-3woody1                 Library of functions for 2D graphi
ii  libatk1.0 1.2.4-1woody1                  The ATK accessibility toolkit
ii  libaudiof 0.2.3-4woody1                  The Audiofile Library
ii  libbonobo 1:2.2.2-1woody1                Bonobo Activation Framework -- run
ii  libbonobo 2.2.3-1woody1                  Bonobo CORBA interfaces library
ii  libbonobo 2.2.2-1woody1                  The Bonobo UI library
ii  libc6     2.2.5-14.3                     GNU C Library: Shared libraries an
ii  libcupsys 1.1.20final-12.backports.org.1 Common UNIX Printing System(tm) - 
ii  libesd-al 0.2.29-1woody1                 Enlightened Sound Daemon (ALSA) - 
ii  libesd-al 0.2.29-1woody1                 Enlightened Sound Daemon (ALSA) - 
ii  libgconf2 2.2.1-1woody1                  GNOME configuration database syste
ii  libgcrypt 1.1.12-2.backports.org.1       LGPL Crypto library - runtime libr
ii  libglade2 2.0.1-3woody4                  Library to load .glade files at ru
ii  libglib2. 2.2.3-0jds1                    The GLib library of C routines
ii  libgnome2 2.2.3-0jds1                    The GNOME 2 library - runtime file
ii  libgnomec 2.2.1-1woody1                  A powerful object-oriented display
ii  libgnomec 0.1.5-0jds1                    GNOME library for CUPS interaction
ii  libgnomec 0.17-2linex                    UI extensions to libgnomecups
ii  libgnomeu 2.2.2-0jds1                    The GNOME 2 libraries (User Interf
ii  libgnomev 2.2.5-2woody1                  The GNOME virtual file-system libr
ii  libgnomev 2.2.5-2woody1                  The GNOME virtual file-system libr
ii  libgnutls 0.8.1-1woody1                  GNU TLS library - runtime library
ii  libgtk2.0 2.2.1-3woody1                  The GTK+ graphical user interface 
ii  libjpeg62 6b-5                           The Independent JPEG Group's JPEG 
ii  liblinc1  2:1.0.3-2jds1                  library to simplify creating netwo
ii  liborbit2 1:2.6.2-1woody2                Libraries for ORBit2 - a CORBA ORB
ii  libpango1 1.2.1-1woody1                  Layout and rendering of internatio
ii  libpopt0  1.6.4-2                        lib for parsing cmdline parameters
ii  libstdc++ 1:2.95.4-11woody1              The GNU stdc++ library
ii  libtasn1- 0.1.2-1woody1                  Manage ASN.1 structures (runtime)
ii  libxml2   2.5.7-1woody1                  GNOME XML library
ii  xlibs     4.3.0-0woody4                  X Window System client libraries
ii  zlib1g    1:1.1.4-1.0woody0              compression library - runtime


---------------------------------------
Received: (at 246093-close) by bugs.debian.org; 10 Jun 2004 15:08:03 +0000
>From katie@ftp-master.debian.org Thu Jun 10 08:08:03 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BYR9v-0005ma-00; Thu, 10 Jun 2004 08:08:03 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1BYR4C-0008Ey-00; Thu, 10 Jun 2004 11:02:08 -0400
From: Ross Burton <ross@debian.org>
To: 246093-close@bugs.debian.org
X-Katie: $Revision: 1.49 $
Subject: Bug#246093: fixed in gnome-cups-manager 0.18-2
Message-Id: <E1BYR4C-0008Ey-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Thu, 10 Jun 2004 11:02:08 -0400
Delivered-To: 246093-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: gnome-cups-manager
Source-Version: 0.18-2

We believe that the bug you reported is fixed in the latest version of
gnome-cups-manager, which is due to be installed in the Debian FTP archive:

gnome-cups-manager_0.18-2.diff.gz
  to pool/main/g/gnome-cups-manager/gnome-cups-manager_0.18-2.diff.gz
gnome-cups-manager_0.18-2.dsc
  to pool/main/g/gnome-cups-manager/gnome-cups-manager_0.18-2.dsc
gnome-cups-manager_0.18-2_i386.deb
  to pool/main/g/gnome-cups-manager/gnome-cups-manager_0.18-2_i386.deb
libgnomecupsui1.0-1_0.18-2_i386.deb
  to pool/main/g/gnome-cups-manager/libgnomecupsui1.0-1_0.18-2_i386.deb
libgnomecupsui1.0-dev_0.18-2_i386.deb
  to pool/main/g/gnome-cups-manager/libgnomecupsui1.0-dev_0.18-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 246093@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ross Burton <ross@debian.org> (supplier of updated gnome-cups-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 10 Jun 2004 15:37:41 +0100
Source: gnome-cups-manager
Binary: libgnomecupsui1.0-dev gnome-cups-manager libgnomecupsui1.0-1
Architecture: source i386
Version: 0.18-2
Distribution: unstable
Urgency: low
Maintainer: Ross Burton <ross@debian.org>
Changed-By: Ross Burton <ross@debian.org>
Description: 
 gnome-cups-manager - CUPS printer admin tool for GNOME
 libgnomecupsui1.0-1 - UI extensions to libgnomecups
 libgnomecupsui1.0-dev - UI extensions to libgnomecups (headers)
Closes: 246093 253609
Changes: 
 gnome-cups-manager (0.18-2) unstable; urgency=low
 .
   * Build-depend on intltool (closes: #253609)
   * Hide the Samba password (closes: #246093)
Files: 
 f853ec7ef5ce9cf9195792ffdb3d2a3b 1577 gnome optional gnome-cups-manager_0.18-2.dsc
 c25db182c92cfc91eeef6056956393d4 4936 gnome optional gnome-cups-manager_0.18-2.diff.gz
 4323885216c1d199f3d1f8fd34e0823d 199762 gnome optional gnome-cups-manager_0.18-2_i386.deb
 7a8201d89d6bef9096db16091200f7fb 15872 libs optional libgnomecupsui1.0-1_0.18-2_i386.deb
 93db2edad9b256b04876da501866ec7d 14976 libdevel optional libgnomecupsui1.0-dev_0.18-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAyHTeLQnkR9C0M98RAnktAJ983xlUpJs+Q6qPuEoZJNXxnKcjVgCfRkPy
visy/7VAc2axixtk5YJycAo=
=6Hn3
-----END PGP SIGNATURE-----