
Bug#134069: marked as done (general: /usr/lib/bookmarker/lib/bklocal.inc is word readable)



Your message dated Tue, 26 Feb 2002 19:47:08 -0500
with message-id <E16fsFQ-0006qX-00@auric.debian.org>
and subject line Bug#134069: fixed in bookmarker 2.7.0-2.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Feb 2002 11:28:02 +0000
>From t_benk@web.de Fri Feb 15 05:28:02 2002
Return-path: <t_benk@web.de>
Received: from smtp02.web.de (smtp.web.de) [217.72.192.151] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16bgX3-0007fh-00; Fri, 15 Feb 2002 05:28:01 -0600
Received: from [217.227.85.61] (helo=timo.timoathome.de)
	by smtp.web.de with esmtp (WEB.DE(Exim) 4.25 #15)
	id 16bgWW-0006Us-00; Fri, 15 Feb 2002 12:27:29 +0100
Received: from timo by timo.timoathome.de with local (Exim 3.34 #1)
	id 16bgVb-0000OP-00; Fri, 15 Feb 2002 12:26:31 +0100
Date: Fri, 15 Feb 2002 12:26:26 +0100
From: Timo Benk <t_benk@web.de>
To: submit@bugs.debian.org
Cc: Timo Benk <t_benk@web.de>
Subject: general: /usr/lib/bookmarker/lib/bklocal.inc is word readable
Message-ID: <20020215112626.GB1301@timo.timoathome.de>
Reply-To: Timo Benk <t_benk@web.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="m51xatjYGsM+13rf"
Content-Disposition: inline
User-Agent: Mutt/1.3.27i
Sender: t_benk@web.de
Delivered-To: submit@bugs.debian.org


--m51xatjYGsM+13rf
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: general
Version: 20020215
Severity: grave

Hi,

the package bookmarker in woody contains a security hole.
the file /usr/lib/bookmarker/lib/bklocal.inc is world readable and it
contains the username and password to the mysql database.

i suggest:
# chgrp www-data /usr/lib/bookmarker/lib/bklocal.inc
# chmod 640 /usr/lib/bookmarker/lib/bklocal.inc

and although a section in the apache config file which prevents access
through the web server.

-timo

-- System Information
Debian Release: 3.0
Kernel Version: Linux timo 2.4.17 #12 Mon Jan 21 11:18:47 CET 2002 i686 unknown

-timo

-- 
gpg key fingerprint = 6832 C8EC D823 4059 0CD1  6FBF 9383 7DBD 109E 98DC


--m51xatjYGsM+13rf
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Weitere Infos: siehe http://www.gnupg.org

iD8DBQE8bPBik4N9vRCemNwRAh7kAJkBm7rPGSHYkCrX/i3Zvv7XeSJr7gCgstYu
TB/4G0cBHqe1pLhZdl39HqQ=
=kiYb
-----END PGP SIGNATURE-----

--m51xatjYGsM+13rf--
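
The audit and the permission change suggested in the report above, as an added example (not part of the original message or of the bookmarker package). The function names and the demo file contents are constructed, and the demo uses the caller's own group where a real host would use www-data.

```shell
#!/bin/sh
# Added example: find credential files readable by every local account
# and restrict them to owner + web server group (mode 640).

# List regular files under directory $1 that have the "other" read bit set.
find_world_readable() {
    find "$1" -type f -perm -004 -print
}

# Succeed only if "other" has no read, write or execute bit on file $1.
no_other_access() {
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Apply the suggested fix: group $2, mode 640. "Other" access is dropped
# first so the file is never exposed more widely while the group changes.
harden_secret_file() {
    chmod o-rwx "$1" && chgrp "$2" "$1" && chmod 640 "$1"
}

# Constructed demonstration on a throwaway file with placeholder content
# (not the real bklocal.inc format). Prints "<before> <after> <locked>":
# world-readable file counts before and after, and 0 if "other" is locked out.
demo() {
    dir=$(mktemp -d) || return 1
    inc="$dir/bklocal.inc"
    printf '%s\n' 'db_user=EXAMPLE_USER db_pass=EXAMPLE_PASS' > "$inc"
    chmod 644 "$inc"                                  # the reported state
    before=$(( $(find_world_readable "$dir" | wc -l) ))
    harden_secret_file "$inc" "$(id -g)"              # real host: www-data
    after=$(( $(find_world_readable "$dir" | wc -l) ))
    no_other_access "$inc"; locked=$?
    rm -rf "$dir"
    echo "$before $after $locked"
}
```

On Debian, a manual chmod/chgrp on a packaged file is reset when the package is upgraded; `dpkg-statoverride --add root www-data 640 <file>` records the override so that it persists.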

---------------------------------------
Received: (at 134069-close) by bugs.debian.org; 27 Feb 2002 01:07:18 +0000
>From katie@auric.debian.org Tue Feb 26 19:07:18 2002
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16fsYw-0003s7-00; Tue, 26 Feb 2002 19:07:18 -0600
Received: from katie by auric.debian.org with local (Exim 3.12 1 (Debian))
	id 16fsFQ-0006qX-00; Tue, 26 Feb 2002 19:47:08 -0500
From: Jason Thomas <jason@debian.org>
To: 134069-close@bugs.debian.org
X-Katie: $Revision: 1.8 $
Subject: Bug#134069: fixed in bookmarker 2.7.0-2.1
Message-Id: <E16fsFQ-0006qX-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Tue, 26 Feb 2002 19:47:08 -0500
Delivered-To: 134069-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
bookmarker, which is due to be installed in the Debian FTP archive:

bookmarker_2.7.0-2.1.diff.gz
  to pool/main/b/bookmarker/bookmarker_2.7.0-2.1.diff.gz
bookmarker_2.7.0-2.1.dsc
  to pool/main/b/bookmarker/bookmarker_2.7.0-2.1.dsc
bookmarker_2.7.0-2.1_all.deb
  to pool/main/b/bookmarker/bookmarker_2.7.0-2.1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 134069@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jason Thomas <jason@debian.org> (supplier of updated bookmarker package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 27 Feb 2002 09:12:02 +1100
Source: bookmarker
Binary: bookmarker
Architecture: source all
Version: 2.7.0-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Jason Thomas <jason@debian.org>
Description: 
 bookmarker - WWW based bookmark management, retrieval and search tool
Closes: 133858 134069
Changes: 
 bookmarker (2.7.0-2.1) unstable; urgency=low
 .
   * NMU
   * fixed typo in description. (closes: #133858)
   * fixed permissions on file which contains a username and password.
     (closes: #134069)
Files: 
 c474572a1e094c72ccfc8785c0ee7906 617 web optional bookmarker_2.7.0-2.1.dsc
 69c14ae54edf23d186db5e3d098330d1 10615 web optional bookmarker_2.7.0-2.1.diff.gz
 31c1a338836ffaf89b7e0dc69cb805de 108064 web optional bookmarker_2.7.0-2.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8fAjH7cYwRJJSiL4RArjRAJ90RUX1hd8atwFZS/DevMcBtDNqsQCgnm3M
VEzOqmVWam27HCtkSMuPlac=
=C3MW
-----END PGP SIGNATURE-----


