Ubuntu
kwalletcli package

Is the security fix for this package in a patch for the version (2.03) in natty?

Asked by Robert Simmons

Has the package in natty been patched for the security fix that is listed on the kwalletcli website?

It is listed as "Security fix in kwalletcli_getpin(1): tty I/O now properly disables echoing input when asking for a passphrase"

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu kwalletcli Edit question
Assignee:
No assignee Edit question
Solved by:
Michael Basse
Solved:
Last query:
Last reply:
Revision history for this message
Michael Basse (michael-alpha-unix) said : 		#1

here are the changes

http://changelogs.ubuntu.com/changelogs/pool/universe/k/kwalletcli/kwalletcli_2.03-1ubuntu1/changelog

Revision history for this message
Robert Simmons (rsimmons0) said : 		#2

So, the answer is no?

I read that list and there is no mention of the fix for this bug.

Revision history for this message
Michael Basse (michael-alpha-unix) said : 		#3

correct. is the version from natty affected by this security-issue? or are only higher/lower versions affected by this security-issue?

Revision history for this message
Robert Simmons (rsimmons0) said : 		#4

It looks like 2.03, the version in Natty is affected unless it has been patched for this bug (right?). The project site is here:
https://www.mirbsd.org/kwalletcli.htm

Under the changelog for version 2.10, the fix is listed. Also, it seems that the package in oneiric is the latest 2.11, so it is not affected by the problem:
http://packages.ubuntu.com/oneiric/kwalletcli

Revision history for this message
Michael Basse (michael-alpha-unix) said : 		#5

i will create a security-bug for this. i think the maintainers will then have a look at it and post there opinion about it

Revision history for this message
Best Michael Basse (michael-alpha-unix) said : 		#6

i have created the bug and marked as security-issue. I think this question is answered (with no) so i will tag this question as "answered"

Revision history for this message
Robert Simmons (rsimmons0) said : 		#7

Thanks Michael Basse, that solved my question.