Bug#469853: cupsys: Logs in /var/log/cups are world-readable

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#469853: cupsys: Logs in /var/log/cups are world-readable
From: Dominic Hargreaves <dom@earth.li>
Date: Fri, 07 Mar 2008 14:42:37 +0000
Message-id: <[🔎] 20080307144237.8521.34079.reportbug@gunboat-diplomat.oucs.ox.ac.uk>
Reply-to: Dominic Hargreaves <dom@earth.li>, 469853@bugs.debian.org

Package: cupsys
Version: 1.2.7-4etch2
Severity: important

[note: I believe this bug should be of a higher severity, since it is a
security bug (information disclosure) but the guidelines for severity do
not make it clear which severity I should choose. Feel free to inflate
the severity if you think it's warranted].

[note 2: I have tested that this bug applies in the version of cupsys in
sid, but am not able to specify multiple version numbers; will follow up
with a message to control@]

Cups logs contain potentially sensitive information, which should not be
exposed to normal users. Please make the logs readable by the adm group
only [ref /usr/share/doc/base-passwd/users-and-groups.txt.gz].

Thanks,

Dominic.

Reply to:

Follow-Ups:
- Bug#469853: marked as done (cupsys: Logs in /var/log/cups are world-readable)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: version
Next by Date: Processed: Re: Bug#469730: cupsys: [PATCH] for the new pdftops filter - add support for custom pagesize (needed by firefox 3 beta 3)
Previous by thread: Processed: version
Next by thread: Bug#469853: marked as done (cupsys: Logs in /var/log/cups are world-readable)
Index(es):
- Date
- Thread