CVE-2009-4145:
nm-connection-editor inadvertently exported connection objects on the bus, and
when a user changes those connections though the connection editor GUI, the
editor may emit a summary of those changes onto the bus, leading to the
information disclosure.
CVE-2009-4144: If the user had set up a WPA Enterprise or 802.1x connection that used a CA
certificate to verify the identity of the network to which the user was
connecting, and the user deleted or moved that CA certificate file at a later
point, NetworkManager will still connect to that network but without using the
CA certificate. This could result in connections to a rogue network that is
spoofing the original network as the identity of the network is not verified
with the CA certificate after the certificate has been deleted.
