~ubuntu-branches/ubuntu/gutsy/network-manager-applet/gutsy-security

Tags: 0.6.5-0ubuntu11~7.10.1

* SECURITY UPDATE: Secrets disclosure to unauthorized users
- debian/patches/16_security_CVE-2009-0365.patch: Fix dbus permissions.
- CVE-2009-0365

added added

removed removed

# Description: fix secrets disclosure to unauthorized users (CVE-2009-0365)

diff -Nur -x '*.orig' -x '*~' network-manager-applet-0.6.5/nm-applet.conf network-manager-applet-0.6.5.new/nm-applet.conf

--- network-manager-applet-0.6.5/nm-applet.conf 2007-04-19 14:01:22.000000000 -0400

+++ network-manager-applet-0.6.5.new/nm-applet.conf 2009-02-26 11:27:29.000000000 -0500

@@ -13,6 +13,19 @@

+

+ <deny send_destination="org.freedesktop.NetworkManagerInfo"

+ send_interface="org.freedesktop.NetworkManagerInfo"

+ send_member="getKeyForNetwork"/>

+ <deny send_destination="org.freedesktop.NetworkManagerInfo"

+ send_interface="org.freedesktop.NetworkManagerInfo"

+ send_member="cancelGetKeyForNetwork"/>

+ <deny send_destination="org.freedesktop.NetworkManagerInfo"

+ send_interface="org.freedesktop.NetworkManagerInfo"

+ send_member="updateNetworkInfo"/>

</policy>