
Bug#808384: marked as done (debian-el: Report include authentication info.)



Your message dated Sat, 26 Oct 2024 06:49:28 +0000
with message-id <E1t4ac4-009mrc-7I@fasolo.debian.org>
and subject line Bug#808384: fixed in debian-el 37.17
has caused the Debian Bug report #808384,
regarding debian-el: Report include authentication info.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
808384: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808384
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: debian-el
Version: 35.12
Severity: grave

My bug report via "M-x debian-bug" includes authentication info:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808378

because I edited the package-supplied file /etc/tomcat8/tomcat-users.xml.

That comes from

  (defun debian-bug-compose-report
    ...
      (debian-bug-prefill-report package severity) ;; <=== HERE

The `debian-bug-prefill-report' function calls an external program:

  $ reportbug --template -T none -s none -S normal -b --list-cc=none --no-bug-script -q tomcat8

In interactive mode reportbug asks you to review any modified files explicitly.

"M-x debian-bug" also showed the files' content, but I saw the usual text at the top, like:

  -- System Information:

and didn't mind to scroll to the part hidden below:

  -- Configuration Files:

I would like to see a basic handler that looks for reasonably selected keywords:

  user, password, passwd, pass, 123456, host, port <== any other welcome!

and warns the user that there is a possible authentication data leak!

I think that this will help bite 90% of authentication info data leaks.

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (200, 'unstable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages debian-el depends on:
ii  bzip2              1.0.6-8
ii  dpkg               1.18.3
ii  emacs              46.1
ii  emacs23 [emacsen]  23.4+1-4.1+b1
ii  emacs24 [emacsen]  24.5+1-3
ii  file               1:5.25-2
ii  install-info       6.0.0.dfsg.1-3
ii  reportbug          6.6.5

Versions of packages debian-el recommends:
ii  dlocate     1.02+nmu3
ii  groff-base  1.22.3-1
ii  wget        1.16.3-3

Versions of packages debian-el suggests:
pn  gnus  <none>

-- no debconf information

-- 
Best regards!

--- End Message ---
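
The keyword check requested in the report above, as an added example (not part of the original report and not debian-el's or reportbug's code). It assumes the configuration section lists each file under a "<path> changed:" line; scan_report and format_warning are hypothetical names.

```python
import re

# Keywords proposed in the bug report; extend for your environment.
KEYWORDS = ("user", "password", "passwd", "pass", "123456", "host", "port")
# Longest alternative first so "password" is reported instead of "pass"; the
# lookbehind stops "port" from matching inside words such as "support".
_ALTS = "|".join(sorted(map(re.escape, KEYWORDS), key=len, reverse=True))
_KEYWORD_RE = re.compile(r"(?<![A-Za-z])(" + _ALTS + ")", re.IGNORECASE)
CONFIG_HEADER = "-- Configuration Files:"
# Assumed per-file header inside that section: "<absolute path> changed:".
_FILE_RE = re.compile(r"^(/\S+) changed(?: \[not included\])?:\s*$")

def scan_report(text):
    """Return (path, report_line_no, keyword) hits found after CONFIG_HEADER."""
    # Everything after the header is scanned, to the end of the report, so a
    # config line that happens to start with "-- " cannot end the scan early.
    findings, in_config, path = [], False, None
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not in_config:
            in_config = line.strip() == CONFIG_HEADER
            continue
        header = _FILE_RE.match(line)
        if header:
            path = header.group(1)  # remember which file the next lines belong to
            continue
        for kw in sorted({k.lower() for k in _KEYWORD_RE.findall(line)}):
            findings.append((path, line_no, kw))
    return findings

def format_warning(findings):
    """Build the pre-send warning; it names file and line but never echoes values."""
    rows = [f"  {path or '?'} (report line {n}): {kw!r}" for path, n, kw in findings]
    return ("Possible authentication data in report:\n" + "\n".join(rows)) if rows else ""

# Constructed sample in the shape of a report template (not real data).
SAMPLE = """\
-- System Information:
Architecture: amd64 (x86_64)

-- Configuration Files:
/etc/tomcat8/tomcat-users.xml changed:
<tomcat-users>
  <user username="admin" password="EXAMPLE-ONLY" roles="manager-gui"/>
</tomcat-users>

-- no debconf information
"""
```

Calling format_warning(scan_report(SAMPLE)) returns the text to show before the mail is sent. Keyword matching of this kind is noisy (the wrapper tags match "user" as well), so it works as a prompt to review the section, not as a filter.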
--- Begin Message ---
Source: debian-el
Source-Version: 37.17
Done: Xiyue Deng <manphiz@gmail.com>

We believe that the bug you reported is fixed in the latest version of
debian-el, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 808384@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xiyue Deng <manphiz@gmail.com> (supplier of updated debian-el package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 25 Oct 2024 23:37:59 -0700
Source: debian-el
Architecture: source
Version: 37.17
Distribution: unstable
Urgency: medium
Maintainer: Debian Emacsen team <debian-emacsen@lists.debian.org>
Changed-By: Xiyue Deng <manphiz@gmail.com>
Closes: 808384
Changes:
 debian-el (37.17) unstable; urgency=medium
 .
   * Rework info page handling
     - Remove install-info from Build-Depends and stop invoking it in
       d/rules as per policy 12.2.
     - Use d/info to include generated info pages to let dh_installinfo
       handle them.
   * Add info documentation for debian-bug-request-for-sponsor
   * Add a prompt for including configuration files (Closes: #808384)
     - Prompt user to choose whether to include configuration file contents
       to the bug report.
     - Also add a help window to inform user to check and remove any
       sensitive information included in the mail template.
   * Always create a new buffer for bug script
     - Previous runs of bug script may leave a non-empty buffer buried
       which is read-only and cannot be reused.
     - Kill any existing bug-script-buffer and create a new one on
       subsequent runs.
Checksums-Sha1:
 8af8ad5f19245db41b22d0b53830ef2eee7e9738 1899 debian-el_37.17.dsc
 139493c5d51873a30d18bd758029054a378c5bd2 58596 debian-el_37.17.tar.xz
Checksums-Sha256:
 35a781adff782fda42c1596d72012da65c5624cda8fa6d706cb7363361b8b42e 1899 debian-el_37.17.dsc
 79e39d2e3054e2eff6afe9b0fb9966b8fd6bdc413e9e3df4014ef0c524712a44 58596 debian-el_37.17.tar.xz
Files:
 77f924abf4b3852addec6e72b2c8bce6 1899 lisp optional debian-el_37.17.dsc
 23391000bca2412135d432be5251ffcd 58596 lisp optional debian-el_37.17.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
