Installed ntop 1.2a7-11 (source i386)

To: debian-changes@lists.debian.org
Subject: Installed ntop 1.2a7-11 (source i386)
From: Joey Hess <joeyh@debian.org>
Date: Thu, 24 Aug 2000 14:53:21 -0400
Message-id: <[🔎] E13S27t-000398-00@auric.debian.org>

Installed:
ntop_1.2a7-11.dsc
  to dists/proposed-updates/ntop_1.2a7-11.dsc
ntop_1.2a7-11.dsc
  to dists/woody/main/source/net/ntop_1.2a7-11.dsc
  replacing ntop_1.2a7-10.dsc
ntop_1.2a7-11_i386.deb
  to dists/proposed-updates/ntop_1.2a7-11_i386.deb
ntop_1.2a7-11_i386.deb
  to dists/woody/main/binary-i386/net/ntop_1.2a7-11.deb
  replacing ntop_1.2a7-10.deb
ntop_1.2a7-11.diff.gz
  to dists/proposed-updates/ntop_1.2a7-11.diff.gz
ntop_1.2a7-11.diff.gz
  to dists/woody/main/source/net/ntop_1.2a7-11.diff.gz
  replacing ntop_1.2a7-10.diff.gz


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.6
Date: Wed, 23 Aug 2000 23:33:31 -0700
Source: ntop
Binary: ntop
Architecture: source i386
Version: 1.2a7-11
Distribution: stable unstable
Urgency: high
Maintainer: Joey Hess <joeyh@debian.org>
Description: 
 ntop       - display network usage in top-like format
Closes: 69842
Changes: 
 ntop (1.2a7-11) stable unstable; urgency=high
 .
   * GRAVE security hole, install immediatly!
   * Ntop, when run in web mode, as root (this is typical use), can be
     remotely exploited to gain root access. Disabled web mode. Preinst now
     kills all ntop processes running in web mode.
   * This is also exploitable if ntop is made suid/sgid -- allows local
     users to obtain root. Ntop is not shipped this way, but suigregister
     could be used by the admin to make it suid. The preinst now removes all
     such bits, and suidregister can no longer control the program's
     permissions. Also added a README.Debian about this.
   * Reference: http://lwn.net/2000/0824/a/fb-ntop.php3
   * Recommendation: Ntop currently has no maintainer in debian, and seems
     to be full of security holes. After a reasonable period to allow
     current installations to be updated to this version, it is my opinion
     it should be removed from unstable.
   * Closes: #69842.
Files: 
 7c49065aba86e19061ccbc84f5c3f911 678 net optional ntop_1.2a7-11.dsc
 798e3abfbe608877c657e7a2657127e6 21585 net optional ntop_1.2a7-11.diff.gz
 4576af1dd15f0743fdcfef2fedc63b4a 202060 net optional ntop_1.2a7-11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5pMr32tp5zXiKP0wRAs1TAJ91htQ5nKJ2yCbjSMezXr3771OpLgCeNvUj
YMMpIhV/fZJBWjud99EN2Sw=
=Wjk4
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Installed netscape4.75 4.75-1 (all source i386)
Next by Date: Installed traceroute 1.4a5-3 (source i386)
Previous by thread: Installed netscape4.75 4.75-1 (all source i386)
Next by thread: Installed traceroute 1.4a5-3 (source i386)
Index(es):
- Date
- Thread