[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#775718: marked as done (installation-guide: Appendix B.4: Several security flaws)

Your message dated Mon, 23 Mar 2015 23:04:18 +0000
with message-id <E1YaBOM-0003Bt-GM@franck.debian.org>
and subject line Bug#775718: fixed in installation-guide 20150323
has caused the Debian Bug report #775718,
regarding installation-guide: Appendix B.4: Several security flaws
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
775718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775718
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: installation-guide
Severity: normal

Dear Maintainer,

in appendix B.4 (http://d-i.debian.org/manual/en.i386/apbs04.html) of
the installation guide the user is advised to generate an encrypted
password using the command

	printf "r00tme" | mkpasswd -s -m md5

This is severely flawed in two ways:

1. It leaves the password in the shells history file as clear text.
2. It still uses MD5 instead of SHA512.

Better use a simple

	mkpasswd -m sha-512

It's also not clear that the user needs to install the "whois" package
to get the mkpasswd command.

Bye...

	Dirk

--- End Message ---
--- Begin Message --- 
Source: installation-guide
Source-Version: 20150323

We believe that the bug you reported is fixed in the latest version of
installation-guide, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 775718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated installation-guide package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Jan 2015 00:05:14 +0100
Source: installation-guide
Binary: installation-guide-amd64 installation-guide-arm64 installation-guide-armel installation-guide-armhf installation-guide-i386 installation-guide-kfreebsd-amd64 installation-guide-kfreebsd-i386 installation-guide-mips installation-guide-mipsel installation-guide-powerpc installation-guide-ppc64el installation-guide-s390x
Architecture: source all
Version: 20150323
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Samuel Thibault <sthibault@debian.org>
Description:
 installation-guide-amd64 - Debian installation guide for amd64
 installation-guide-arm64 - Debian installation guide for arm64
 installation-guide-armel - Debian installation guide for armel
 installation-guide-armhf - Debian installation guide for armhf
 installation-guide-i386 - Debian installation guide for i386
 installation-guide-kfreebsd-amd64 - Debian installation guide for kFreeBSD amd64
 installation-guide-kfreebsd-i386 - Debian installation guide for kFreeBSD i386
 installation-guide-mips - Debian installation guide for mips
 installation-guide-mipsel - Debian installation guide for mipsel
 installation-guide-powerpc - Debian installation guide for powerpc
 installation-guide-ppc64el - Debian installation guide for powerpc
 installation-guide-s390x - Debian installation guide for s390x
Closes: 775718
Changes:
 installation-guide (20150323) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * Rephrase documentation of grub-installer/bootdev to make it clear that it
     has to be specified. document that it can be preseeded with "default".
   * Update preseed grub-style partition name from grub1 style (hd0,0) to grub2
     style (hd0,1).
   * Avoid security issues while making an encrypted root password for a
     preseed file. Closes: #775718.
   * Re-enable da language.
 .
   [ Stuart Prescott ]
   * Advise users not to use unetbootin
   * Suggest win32diskimager as an alternativee to unetbootin
   * Explicitly list the netinst, CD-1 and DVD-1 images as "which image should
     I use" is a FAQ.
 .
   [ Karsten Merker ]
   * Update the armhf platform support status.
   * Update the u-boot USB boot command in the "Booting from a USB stick in
     u-boot" section as required by newer u-boot versions.
 .
   [ Holger Wansing ]
   * Make year for copyright an entity.
 .
   [ Stéphane Blondon ]
   * Add CSS for the html version.
Checksums-Sha1:
 c25d070ba85adea49b42aae4bed10b73676a326d 2952 installation-guide_20150323.dsc
 d89d6a77b683bf6d1da971c6f83ec4b105347ef7 8990618 installation-guide_20150323.tar.gz
 89a8e132a296bf7638c337cee3d75eb710f24c28 15227488 installation-guide-amd64_20150323_all.deb
 e8df90587fedf6b49b35d138847a54bbd1bfa41e 13664710 installation-guide-arm64_20150323_all.deb
 51ef4a87bc1a16a66c1c3e7286b1c1824b19d688 13737300 installation-guide-armel_20150323_all.deb
 c8cbc60a7cefd524117235f11ebad205edd4b233 13691752 installation-guide-armhf_20150323_all.deb
 66580e2d1194bb27695c2b9e97994d78bc9d125e 15291030 installation-guide-i386_20150323_all.deb
 1fd370f3251f43aa310dbd85f6946d61af72757b 13542558 installation-guide-kfreebsd-amd64_20150323_all.deb
 ea85bebe77929413c9f78b646f1a64e8bc2f88f0 13513560 installation-guide-kfreebsd-i386_20150323_all.deb
 95e186911098e0859731e66c09458d224f17ac85 13031294 installation-guide-mips_20150323_all.deb
 f3e7ecec9cc79bfc233686a67bf415f425bee119 12927368 installation-guide-mipsel_20150323_all.deb
 044543c614b9d18c15d1b3dc611cdb5bc5a34d4d 14602820 installation-guide-powerpc_20150323_all.deb
 fb50a322ade4b50f47e3e12e09c44f147c4fa210 14603484 installation-guide-ppc64el_20150323_all.deb
 700f997ad624e9d331f01b864649443a17623f7b 11933826 installation-guide-s390x_20150323_all.deb
Checksums-Sha256:
 169185e7b11c221df36cbd5114f34043d3b2399bb5673614d84461664dabeae6 2952 installation-guide_20150323.dsc
 89d27c4ff5bae820c9ebae2e8ae58429bafcf840b9c82aebfaf79dd947805a17 8990618 installation-guide_20150323.tar.gz
 d74ff11f11923605171c2f1db94c51500f87d8517435b923b56842763a2181c3 15227488 installation-guide-amd64_20150323_all.deb
 90e7328a95a95cb77d856629c5a17d744ae774b4eeaf24bb78eb24561d1f0a8b 13664710 installation-guide-arm64_20150323_all.deb
 5333ccf4ca2dbd4e3f53e3f503c7cd5e1d8727132f714481f6e0c5256393ab00 13737300 installation-guide-armel_20150323_all.deb
 ce67e521d9acd6c5f74c62c5181143ccf5efd15ca8681d05fdf97206f41beaa9 13691752 installation-guide-armhf_20150323_all.deb
 8102bd702cbdc24259d5238759b9e293f4fdc8394a612efd6341dcaf0cd1f5d1 15291030 installation-guide-i386_20150323_all.deb
 1d46a6216ace368cb4232fd608e3de093e46f722c46c1efcc3b44d41f5cb0dd9 13542558 installation-guide-kfreebsd-amd64_20150323_all.deb
 38d6dfbdc1fc18a9fe2bda38e9f2489fbb0649bdd6f4abd576c53695689dc797 13513560 installation-guide-kfreebsd-i386_20150323_all.deb
 9f39e540d7968e9da94e8e52dbece7461e9d72551cc1e5d14532ff58a650a897 13031294 installation-guide-mips_20150323_all.deb
 dc210428e42e7dc0eaa228b04898e8271db0878581a1a20d8ddec8d7d4f4b981 12927368 installation-guide-mipsel_20150323_all.deb
 1f48297e4d16681b7df85fa94d83bf666ef455de4831fadc47023ff3e0a1042c 14602820 installation-guide-powerpc_20150323_all.deb
 2ef35ee2f49a67ba23b05fa4cfd362e9d7dcd927a7c210a082d0332c4ccb07e8 14603484 installation-guide-ppc64el_20150323_all.deb
 c445ade02c6994a6f7ca38501d6651ca530db813869a6b7fc8c944522c9ebe21 11933826 installation-guide-s390x_20150323_all.deb
Files:
 60429f4a98403fe64e18db9531ec3c88 2952 doc optional installation-guide_20150323.dsc
 830cca0571e679ca847bf04d7a0ae429 8990618 doc optional installation-guide_20150323.tar.gz
 c7bef7cb2467de7a04774ec6a9b113d6 15227488 doc optional installation-guide-amd64_20150323_all.deb
 16162b3d4ec285e878263954b5bf41f2 13664710 doc optional installation-guide-arm64_20150323_all.deb
 b526f1a902f04f0eb4cddf70277708b5 13737300 doc optional installation-guide-armel_20150323_all.deb
 e83b523daacddba382dd28414e59e391 13691752 doc optional installation-guide-armhf_20150323_all.deb
 d1aee8afca8f469c5434231761e1bd34 15291030 doc optional installation-guide-i386_20150323_all.deb
 afd674568acef7f13eb0927abec836f1 13542558 doc optional installation-guide-kfreebsd-amd64_20150323_all.deb
 c3516227b514f6c1eb785861e04a7d48 13513560 doc optional installation-guide-kfreebsd-i386_20150323_all.deb
 6836c74bfe0f4e5bf6447956d466f104 13031294 doc optional installation-guide-mips_20150323_all.deb
 cf21472533f92e4cf31a198e44b9a93e 12927368 doc optional installation-guide-mipsel_20150323_all.deb
 29c6a343c9db08805bd897a1887082f8 14602820 doc optional installation-guide-powerpc_20150323_all.deb
 4d2b22c39e6b33715cee6cf5f371fb44 14603484 doc optional installation-guide-ppc64el_20150323_all.deb
 468cf6c8ff6d88cdfd5591eeae706e0d 11933826 doc optional installation-guide-s390x_20150323_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVEJg7AAoJEM8J0LDiiAQrFeQQAJAxvU1hVPJG7CAwRAiRksXG
cLNllxz1f5n9coQGY8bi60ILfUEsBGFCRw3XtmUz6fbMufuwJ3bmX8W39cvpSuYn
9ZbgzknYMI6aF4lcfmPfQ32gL9x/5IN6E2F9jOMUdJ3fmQ009Dya+ZLo1U5FZ7lx
DY9Mhg9pABt7qIFk6yZv5pHyDi9DDogegi8s7wsNltZk4lsGWlvQ6y8UmQwqwpa3
xlOUzCKxlGmH4Ut9EevxEz7BPvK+zTpfm/R558BgHdjauC7MtYnuN+2aUBpdFtnf
MzUDZM/PHEyrkCji2eR0nWDWAO9mOnC6BqtEtzq3Hx51W6ppF4EfG7rcsaCoGN73
QXmS9ykVG+fYJb03UCO043G9LeRYUS7EVMqtvAVHLWP58mCYdsgY6hTMJ5UDDsqe
cLKt0uX+VWGVZEO1oK6iRHr6YHNYNW50RdWNASHU4qNZaIdKA+8Ywp4PGr010fa6
AbLAKAJTmgPPtnTyT6PF4sjeE0hujfbfYJt9rhgqTHAFFX6dbsj/CYnoe53AuVwu
KCOFogGqLJO+c5r3ufr54DTbfvAPdt+uSlUz8Cmm2h665UPwW8v06jKVWeX47SmQ
mp4cPSvVDZwCRDDYnzQAZqzpZqCpQPrGJN9oj/rp/IMryyF/gBRv6qqDv/FrZtO4
jW1u++d6a4nfvqE6oB8H
=lalM
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: