[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#711251: marked as done (root+KDC password in clear in /var/cache/debconf/)

Your message dated Sun, 23 Jun 2013 21:48:26 +0000
with message-id <E1Uqs94-0006mQ-4h@franck.debian.org>
and subject line Bug#711251: fixed in debian-edu-config 1.707
has caused the Debian Bug report #711251,
regarding root+KDC password in clear in /var/cache/debconf/
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

711251: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711251
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: debian-edu-config
severity: serious
x-debbugs-cc: debian-edu@lists.debian.org
version: 1.704


On Mittwoch, 5. Juni 2013, Wolfgang Schweer wrote:
> > > Don't know if it was the case before, but now the root password entered
> > > during installation is visible in /var/cache/debconf/templates.dat and
> > > /var/cache/debconf/templates.dat-old (as KDC and LDAP passwords).
> > That is very strange.  The values are supposed to be wiped out at the
> > end of the installation, and their type 'password' which is handled
> > specially by debconf and not stored in the "public" database.
> /var/cache/debconf/passwords.dat is clean, but templates.dat and
> templates.dat-old contain both: first-user-password and root pw (as KDC
> and LDAP pw.

Filing as serious bug, so we dont forget.


Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---
--- Begin Message ---
Source: debian-edu-config
Source-Version: 1.707

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 711251@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Petter Reinholdtsen <pere@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)

Hash: SHA1

Format: 1.8
Date: Sun, 23 Jun 2013 23:31:16 +0200
Source: debian-edu-config
Binary: debian-edu-config debian-edu-config-gosa-netgroups
Architecture: source all
Version: 1.707
Distribution: unstable
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
 debian-edu-config - Configuration files for Skolelinux systems
 debian-edu-config-gosa-netgroups - netgroups plugin for GOsa²
Closes: 711251 712723
 debian-edu-config (1.707) unstable; urgency=low
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn81085:
   [ Petter Reinholdtsen ]
    * Adjust debian-edu-pxeinstall paths to be compatible with
      debian-installer-7.0-netboot-i386 and
    * Debconf translation updates:
      - add Polish, thanks to Michał Kułach. (Closes: #712723)
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80889:
   [ Petter Reinholdtsen ]
   * Teach sssd-generate-config and setup-ad-client to ignore the output
     from 'hostname -d' when it is '(null)'.  This make the scripts more
   * Correct timezone testsuite check to look for new timezone name for
     the *_ES locale.  Need updates for the other locales too.
   * Make sure we include the new index.html.ro file in the binary
   [ Holger Levsen ]
   * Update timezone testsuite checks for all other languages based on
     /usr/share/zoneinfo on my wheezy system.
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80617:
   [ Petter Reinholdtsen ]
   * Avoid hardcoded path in setup-roaming, to make it easier to move
     the scripts around.  Made setup-roaming more robust and capable of
     running outside the Debian Edu environment.
   * Made sssd-generate-config more robust, able to handle DNS lookups
     which fall back to TCP.
   * Made setup-ad-client more self contained, robust and get it
     working out of the box in an Active Directory environment, also on
     non Debian Edu machines.
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80573:
   [ Holger Levsen ]
   * debian/control, Vcs* headers: Replace svn.debian.org with
   [ Petter Reinholdtsen ]
   * Move code in sssd-generate-config to detect DNS domain name into
     its own function, to make it easier to share that code with
   * Make setup-ad-client more automatic, flexible and robust.
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80562:
   * Switch default APT source, fallback LTSP mirror and fallback PXE
     mirror from ftp.skolelinux.org, ftp.debian.org and cdn.debian.net
     to http.debian.net, to pick a nearby mirror in the most efficient
     way available today.
   * Update sssd-generate-config with the change done to sssd.conf in
     version 1.704~svn79934, and generate sssd.conf with checking og
     the TLS certificate, now that it is working as it should.
   * Make sssd-generate-config more robust, to not fail when hostname
     do not understand the -d argument.
   * New script setup-ad-client to set up a roaming workstation as a
     Active Directory client and adjust sssd-generate-config to allow
     this to work.
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80551:
   * Adjust webcache testsuite check, and remove now obsolete argument
     sendt to wpad-extract.
   * Add libwebkitgtk-1.0-0 as a dependency of debian-edu-config next
     to libproxy-tools, as the webkit shared library is needed for
     libproxy to handle WPAD files.
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80547:
   [ Petter Reinholdtsen ]
   * Replicate how d-i is operating, and add code in LTSP setup script
     032-edu-pkgs to run dpkg with the force-unsafe-io flag when creating
     the LTSP chroot, to try to speed up the process.
   * Adjust run-at-first-boot to call update-proxy-from-wpad on the
     Main Server, to try to get the proxy setup working.  The automatic
     proxy setup only run from dhcp, which the Main Server do not use.
   * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80497:
   [ Petter Reinholdtsen ]
   * Add postinst code to purge the leftover passwords from the debconf
     database when debian-edu-config is upgraded from a vulnerable
     version (Closes: #711251).
 7601a02a5516727f8cfdbd8faa5cbe62661af31f 1277 debian-edu-config_1.707.dsc
 cdb48f948603f289ccfe201c3d7aa1e022d89408 524824 debian-edu-config_1.707.tar.gz
 5bb38af8b900f044d054dab70e6e332505c2ca21 404528 debian-edu-config_1.707_all.deb
 af093076450de6c55757f425ecd98915c79c096c 117408 debian-edu-config-gosa-netgroups_1.707_all.deb
 4626b05716eac80c50fb81c3dfb87eb970ccd18fdfcf156056f560038aa56737 1277 debian-edu-config_1.707.dsc
 129c118009ba6263d0e97aa7bc355475a859ba5d988ca73fe8191a0125a80d39 524824 debian-edu-config_1.707.tar.gz
 a9ea678473ca8a93216deb9bb27c1de002b1047df2f94d75419afa26abbfa10f 404528 debian-edu-config_1.707_all.deb
 6c41cdee485a11cfd28a722e9c429a06afe69995c34c08cd5c7ede478d192ceb 117408 debian-edu-config-gosa-netgroups_1.707_all.deb
 619b7d3d4c40871ec2e179c0d8535a71 1277 misc extra debian-edu-config_1.707.dsc
 092d3d4e1ffcd5c7e434d566a0d74d4b 524824 misc extra debian-edu-config_1.707.tar.gz
 9d4cf4a5a387a4410413a249ff9a3a60 404528 misc extra debian-edu-config_1.707_all.deb
 691d27757a2c244dd46736ec44f56818 117408 misc extra debian-edu-config-gosa-netgroups_1.707_all.deb

Version: GnuPG v1.4.10 (GNU/Linux)


--- End Message ---

Reply to: