Red Hat Bugzilla – Bug 820166
Fix for CVE-2012-2095 invalidates all templates that use 'ca_cert', 'password' and other fields.
Last modified: 2012-12-20 10:50:20 EST
this (upstream) bug renders wicd unusable for certain encryption settings.
Sorry for not adhering to the usual reporting procedure, but this bug seems to have been reported to upstream and solved in version 22.214.171.124 already, for the details please see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669388 .
can you confirm the Johann's patch proposal would correct this regression?
If so, original Fedora's CVE-2012-2095 wicd bug can be moved to NEW state again to submit the updates (to correct this regression).
Would you need anything else from us due this, let us know.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
Sorry for the delay. Yes, this is a valid problem. I have an updated patch to fix CVE-2012-2095 for all use cases. This needs to be fixed in the F-16 and F-17 packages.
I have built wicd-1.7.0-14.fc16 and wicd-126.96.36.199-3.fc17 to fix this problem in F-16 and F-17, respectively. If someone wants to update the existing CVE-2012-2095 security update or issue a new one, feel free. Otherwise I will wait for bug #811763 to go back to NEW and handle it there.
wicd-1.7.0-15.fc16 has been submitted as an update for Fedora 16.
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing wicd-1.7.0-15.fc16'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
wicd-1.7.0-15.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.