[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#684679: RFS: nullmailer/1:1.11-2 (security bugfix upload request)

On Tue, Aug 14, 2012 at 02:00:05AM +0300, Peter Pentchev wrote:
> On Tue, Aug 14, 2012 at 02:51:16AM +0400, Michael Tokarev wrote:
> > On 13.08.2012 00:18, Nick Leverton wrote:
> > []
> > > diff -Nru nullmailer-1.11/debian/changelog nullmailer-1.11/debian/changelog
> > > --- nullmailer-1.11/debian/changelog	2012-06-16 16:36:28.000000000 +0100
> > > +++ nullmailer-1.11/debian/changelog	2012-08-11 23:55:36.000000000 +0100
> > > @@ -1,3 +1,9 @@
> > > +nullmailer (1:1.11-2) unstable; urgency=low
> > > +
> > > +  * Make 'remotes' not world-readable (Closes: #684619)
> > 
> > What's wrong with remotes being world-readable?
> 
> For instance, it may include SMTP authentication information.

This is the issue, yes.  Security team classed it as Serious (#684619,
see original upload template) and hence it's an RC bug, so I'd be very
grateful if a DD could upload this for me.

Thankyou

Nick
Reply to: