
Bug#900997: marked as done ([print-manager] sends password to remote cups server)



Your message dated Fri, 01 Feb 2019 18:35:21 +0000
with message-id <E1gpder-000BgF-Qu@fasolo.debian.org>
and subject line Bug#900997: fixed in print-manager 4:18.12.1-2
has caused the Debian Bug report #900997,
regarding [print-manager] sends password to remote cups server
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
900997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900997
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: print-manager
Version: 4:18.04.1-1
Severity: critical
Tags: security
X-Debbugs-CC: secure-testing-team@lists.alioth.debian.org

--- Please enter the report below this line. ---

When on a (possibly untrusted) network with a cups server, opening the KDE configuration panel,
and going to the Printers kcm causes a dialog with the current user name filled in, asking for
that user's password.

This prompt does not express whether the password is being sent to sudo (which a cursory
inspection of the code suggests it does not), to a local cups server, or to a remote cups
server.

Moreover, the certificate that is being used by the server is completely unavailable
for inspection---and worse still does not appear to be rejected if it is invalid.

A print-manager user that is on a network with a hostile cups server could easily be tricked into
sending their password to that cups server.

--- End Message ---
--- Begin Message ---
Source: print-manager
Source-Version: 4:18.12.1-2

We believe that the bug you reported is fixed in the latest version of
print-manager, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 900997@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <maxy@debian.org> (supplier of updated print-manager package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 01 Feb 2019 19:27:55 +0100
Source: print-manager
Binary: print-manager
Architecture: source
Version: 4:18.12.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Maximiliano Curia <maxy@debian.org>
Description:
 print-manager - printer configuration and monitoring tools
Closes: 900997
Changes:
 print-manager (4:18.12.1-2) unstable; urgency=medium
 .
   * New revision
   * Rediff patches
   * Show more information on CUPS auth dialog (Closes: 900997)
   * Release to unstable

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
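
Added example, not part of the bug report or of print-manager's patch: one way a CUPS authentication dialog can state where the password is going and whether the channel's certificate was verified, which is the gap the report describes. The function names and prompt wording are hypothetical, and it assumes the server string is a hostname or address with an optional port, or a domain-socket path starting with `/`.

```cpp
// Added illustration, not print-manager source. All names below are hypothetical.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

enum class AuthTarget { LocalSocket, Loopback, Remote };

// "[::1]:631" -> "::1", "host:631" -> "host"; a bare IPv6 literal is returned as is.
std::string hostPart(const std::string &server) {
    if (!server.empty() && server[0] == '[') {
        const auto end = server.find(']');
        return server.substr(1, end == std::string::npos ? end : end - 1);
    }
    if (std::count(server.begin(), server.end(), ':') == 1)
        return server.substr(0, server.find(':'));
    return server;
}

// Exact matches only: a prefix test would treat "127.0.0.1.evil.example" as local.
// Anything not recognised is reported as Remote, so the dialog over-warns.
AuthTarget classifyServer(const std::string &server) {
    if (!server.empty() && server[0] == '/')
        return AuthTarget::LocalSocket;          // domain socket path
    std::string h = hostPart(server);
    std::transform(h.begin(), h.end(), h.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (h == "localhost" || h == "127.0.0.1" || h == "::1")
        return AuthTarget::Loopback;
    return AuthTarget::Remote;
}

// Text for the password dialog: names the destination and the state of the channel.
std::string authPrompt(const std::string &user, const std::string &server,
                       bool encrypted, bool certVerified) {
    if (classifyServer(server) != AuthTarget::Remote)
        return "Password for " + user + " on the CUPS service of this computer";
    std::string p = "Password for " + user + " will be sent to the REMOTE CUPS server "
                    + hostPart(server);
    if (!encrypted)
        return p + " over an unencrypted connection";
    return p + (certVerified ? " (TLS, certificate verified)"
                             : " (TLS, certificate NOT verified)");
}

int main() {  // constructed sample inputs below
    for (const char *s : {"/run/cups/cups.sock", "[::1]:631", "printhost.example:631"})
        std::cout << authPrompt("alice", s, true, false) << "\n";
}
```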
