Debian Bug report logs -
#484102
gammu: entersecuritycode exposes PIN/PUK on the command line
Toggle useless messages
Report forwarded to
debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#484102; Package
gammu.
Full text and
rfc822 format available.
Acknowledgement sent to
Marc Haber <mh+debian-bugs@zugschlus.de>:
New Bug report received and forwarded. Copy sent to
Michal Čihař <nijel@debian.org>.
Full text and
rfc822 format available.
Message #5 received at submit@bugs.debian.org (full text, mbox):
Package: gammu
Version: 1.20.0-1
Severity: wishlist
Hi,
gammu entersecuritycode requires the PIN/PUK to be given on the
command line, which exposes the code on the command line, for example
in /proc or ps output.
There should be a possibility to have gammu read the securitycode
from a file and/or standard input to avoid exposure of security data.
Greetings
Marc
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.25.4-scyw00225 (PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gammu depends on:
ii libbluetooth2 3.30-1 Library to use the BlueZ Linux Blu
ii libc6 2.7-11 GNU C Library: Shared libraries
ii libgammu3 1.20.0-1 Mobile phone management library
ii libmysqlclient15off 5.0.51a-6 MySQL database client library
ii libpq5 8.3.1-2+b1 PostgreSQL C client library
gammu recommends no packages.
-- no debconf information
Information forwarded to
debian-bugs-dist@lists.debian.org:
Bug#484102; Package
gammu.
Full text and
rfc822 format available.
Acknowledgement sent to
Michal Čihař <nijel@debian.org>:
Extra info received and forwarded to list.
Full text and
rfc822 format available.
Message #10 received at 484102@bugs.debian.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi
On Mon, 02 Jun 2008 15:23:16 +0200
Marc Haber <mh+debian-bugs@zugschlus.de> wrote:
> gammu entersecuritycode requires the PIN/PUK to be given on the
> command line, which exposes the code on the command line, for example
> in /proc or ps output.
>
> There should be a possibility to have gammu read the securitycode
> from a file and/or standard input to avoid exposure of security data.
Good idea, I will implement this.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
[signature.asc (application/pgp-signature, attachment)]
Tags added: upstream
Request was from
Michal Čihař <nijel@debian.org>
to
control@bugs.debian.org.
(Tue, 03 Jun 2008 08:15:12 GMT)
Full text and
rfc822 format available.
Information forwarded to
debian-bugs-dist@lists.debian.org, Michal Čihař <nijel@debian.org>:
Bug#484102; Package
gammu.
Full text and
rfc822 format available.
Acknowledgement sent to
nijel@debian.org:
Extra info received and forwarded to list. Copy sent to
Michal Čihař <nijel@debian.org>.
Full text and
rfc822 format available.
Message #19 received at 484102@bugs.debian.org (full text, mbox):
tags 484102 +pending
thanks
Hi,
The following change has been committed for this bug, and so the
fix will be in the next upload.
===================================================================
Changeset [203] by nijel, 2008-09-10 21:36:45 +0200 (Wed, 10 Sep 2008)
* New upstream version.
- Support for entering PIN from stdin (Closes: #484102).
U trunk/debian/changelog
http://viewsvn.cihar.com/debian-gammu?view=rev&revision=203
Tags added: fixed-upstream
Request was from
Michal Čihař <nijel@debian.org>
to
control@bugs.debian.org.
(Wed, 10 Sep 2008 19:42:04 GMT)
Full text and
rfc822 format available.
Tags added: pending
Request was from
nijel@debian.org
to
control@bugs.debian.org.
(Wed, 10 Sep 2008 19:42:12 GMT)
Full text and
rfc822 format available.
Message sent on to
Marc Haber <mh+debian-bugs@zugschlus.de>:
Bug#484102.
Full text and
rfc822 format available.
Reply sent to
Michal Čihař <nijel@debian.org>:
You have taken responsibility.
Full text and
rfc822 format available.
Notification sent to
Marc Haber <mh+debian-bugs@zugschlus.de>:
Bug acknowledged by developer.
Full text and
rfc822 format available.
Message #31 received at 484102-close@bugs.debian.org (full text, mbox):
Source: gammu
Source-Version: 1.20.91-1
We believe that the bug you reported is fixed in the latest version of
gammu, which is due to be installed in the Debian FTP archive:
gammu_1.20.91-1.diff.gz
to pool/main/g/gammu/gammu_1.20.91-1.diff.gz
gammu_1.20.91-1.dsc
to pool/main/g/gammu/gammu_1.20.91-1.dsc
gammu_1.20.91-1_i386.deb
to pool/main/g/gammu/gammu_1.20.91-1_i386.deb
gammu_1.20.91.orig.tar.gz
to pool/main/g/gammu/gammu_1.20.91.orig.tar.gz
libgammu-common_1.20.91-1_all.deb
to pool/main/g/gammu/libgammu-common_1.20.91-1_all.deb
libgammu-dev_1.20.91-1_i386.deb
to pool/main/g/gammu/libgammu-dev_1.20.91-1_i386.deb
libgammu4-dbg_1.20.91-1_i386.deb
to pool/main/g/gammu/libgammu4-dbg_1.20.91-1_i386.deb
libgammu4_1.20.91-1_i386.deb
to pool/main/g/gammu/libgammu4_1.20.91-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 484102@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michal Čihař <nijel@debian.org> (supplier of updated gammu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 10 Sep 2008 22:19:04 +0200
Source: gammu
Binary: gammu libgammu-dev libgammu-common libgammu4 libgammu4-dbg
Architecture: source i386 all
Version: 1.20.91-1
Distribution: experimental
Urgency: low
Maintainer: Michal Čihař <nijel@debian.org>
Changed-By: Michal Čihař <nijel@debian.org>
Description:
gammu - Mobile phone management utility
libgammu-common - Mobile phone management library
libgammu-dev - Header files for Gammu
libgammu4 - Mobile phone management library
libgammu4-dbg - Mobile phone management library - debugger symbols
Closes: 484102
Changes:
gammu (1.20.91-1) experimental; urgency=low
.
* New upstream version.
- Support for entering PIN from stdin (Closes: #484102).
Checksums-Sha1:
8529ed221be392ce9747ba0a843b612250747401 1273 gammu_1.20.91-1.dsc
088fff4a07af4c55d959568d40a1b712ae279047 1417399 gammu_1.20.91.orig.tar.gz
ffb2efe1b95ee7db6f9ec6b4b26f400bf8dd9f11 6456 gammu_1.20.91-1.diff.gz
5d5c1815280067c053cb29e32a80b2fe7fb71dd0 284560 gammu_1.20.91-1_i386.deb
8d71adfb43fd391f34e35780f947f174b2a9d0eb 168278 libgammu-dev_1.20.91-1_i386.deb
678be517e2dcd0964031cee7f640972feef25aab 146476 libgammu-common_1.20.91-1_all.deb
e17fd211648ee9e309016059520c895f09902ffa 448258 libgammu4_1.20.91-1_i386.deb
dc732cd76f7c46096373afe7d859bcd0d21fff45 1126112 libgammu4-dbg_1.20.91-1_i386.deb
Checksums-Sha256:
fcac5d7fe9e4280364c3979e7662f2d2e8ae901a1774132376e720d7fab9fef5 1273 gammu_1.20.91-1.dsc
c59126571b4dbc7ead703af854cc0304c91f26718ba45c690d9660ac0a1dca59 1417399 gammu_1.20.91.orig.tar.gz
db7befd6dcf52fdb5063de33b66bd9b0acfb44d5789e32424dfea010a0eae797 6456 gammu_1.20.91-1.diff.gz
00c45c09d54a4500b57a2636c4a5b609efa9de410abc4181484e83c39ec01386 284560 gammu_1.20.91-1_i386.deb
518940ba9c521f760ec6e3a7e6fc3fab772ae94a54f35c50c7010dd741e57054 168278 libgammu-dev_1.20.91-1_i386.deb
cef413c15f4672cac957bb30ba29676aed00738350c9f53ec6cb858746d2eab4 146476 libgammu-common_1.20.91-1_all.deb
1798e0d27d37ebd84bcb0f094d839da8d9bd22487b20e035d38d741caff7a047 448258 libgammu4_1.20.91-1_i386.deb
429d59b7517f94a2672e274ea2211afa9360760e01585d22e7be66fbef276482 1126112 libgammu4-dbg_1.20.91-1_i386.deb
Files:
9029c597cd730081ee9512abd92d9a8d 1273 comm optional gammu_1.20.91-1.dsc
6c47dc17ea254fa9a8a366dcf7d16c33 1417399 comm optional gammu_1.20.91.orig.tar.gz
268ed4bb97491f20142620635b97725c 6456 comm optional gammu_1.20.91-1.diff.gz
acd9e1e60c93339cfd27320ca90a0fbd 284560 comm optional gammu_1.20.91-1_i386.deb
08a6e308828a6e2458c65d800cf2727d 168278 libdevel optional libgammu-dev_1.20.91-1_i386.deb
0397876d98c2cdd08c08598631682ad8 146476 libs optional libgammu-common_1.20.91-1_all.deb
c930a61d47589a4270cb690455d4fa48 448258 libs optional libgammu4_1.20.91-1_i386.deb
fe56fc43b4a91119ce65f23b8b74e7bd 1126112 libdevel extra libgammu4-dbg_1.20.91-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjILaoACgkQ3DVS6DbnVgReIQCgklHiJL4mjT/JGecHwL23GJyp
zK4AoJ8rQ0DzwQ4h7KwoboufVW31DeRz
=1n9B
-----END PGP SIGNATURE-----
Tags added: fixed-upstream
Request was from
bts-link-upstream@lists.alioth.debian.org
to
control@bugs.debian.org.
(Sun, 28 Sep 2008 16:35:12 GMT)
Full text and
rfc822 format available.
Bug archived.
Request was from
Debbugs Internal Request <owner@bugs.debian.org>
to
internal_control@bugs.debian.org.
(Thu, 19 Mar 2009 07:25:53 GMT)
Full text and
rfc822 format available.
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Sep 10 00:13:37 2010;
Machine Name:
lindberg.debian.org
Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.