
Bug#134069: marked as done (general: /usr/lib/bookmarker/lib/bklocal.inc is word readable)

Your message dated Tue, 26 Feb 2002 19:47:08 -0500
with message-id <E16fsFQ-0006qX-00@auric.debian.org>
and subject line Bug#134069: fixed in bookmarker 2.7.0-2.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 15 Feb 2002 11:28:02 +0000
>From t_benk@web.de Fri Feb 15 05:28:02 2002
Return-path: <t_benk@web.de>
Received: from smtp02.web.de (smtp.web.de) [] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16bgX3-0007fh-00; Fri, 15 Feb 2002 05:28:01 -0600
Received: from [] (helo=timo.timoathome.de)
	by smtp.web.de with esmtp (WEB.DE(Exim) 4.25 #15)
	id 16bgWW-0006Us-00; Fri, 15 Feb 2002 12:27:29 +0100
Received: from timo by timo.timoathome.de with local (Exim 3.34 #1)
	id 16bgVb-0000OP-00; Fri, 15 Feb 2002 12:26:31 +0100
Date: Fri, 15 Feb 2002 12:26:26 +0100
From: Timo Benk <t_benk@web.de>
To: submit@bugs.debian.org
Cc: Timo Benk <t_benk@web.de>
Subject: general: /usr/lib/bookmarker/lib/bklocal.inc is word readable
Message-ID: <20020215112626.GB1301@timo.timoathome.de>
Reply-To: Timo Benk <t_benk@web.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="m51xatjYGsM+13rf"
Content-Disposition: inline
User-Agent: Mutt/1.3.27i
Sender: t_benk@web.de
Delivered-To: submit@bugs.debian.org


Package: general
Version: 20020215
Severity: grave

Hi,
the package bookmarker in woody contains a security hole.
The file /usr/lib/bookmarker/lib/bklocal.inc is world readable and it
contains the username and password to the mysql database.
I suggest:
# chgrp www-data /usr/lib/bookmarker/lib/bklocal.inc
# chmod 640 /usr/lib/bookmarker/lib/bklocal.inc
and also a section in the apache config file which prevents access
through the web server.
-timo

-- System Information
Debian Release: 3.0
Kernel Version: Linux timo 2.4.17 #12 Mon Jan 21 11:18:47 CET 2002 i686 unknown


gpg key fingerprint = 6832 C8EC D823 4059 0CD1  6FBF 9383 7DBD 109E 98DC
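
The permission fix suggested in the report above, as an added example that is not part of the original report or of the bookmarker package. The function names are hypothetical, and the group is a parameter that defaults to www-data as in the report:

```sh
#!/bin/sh
# Added example: detect and fix a credentials file that "other" can access.
# Function names are illustrative; nothing here comes from the package itself.

# Succeeds if any permission bit for "other" (r, w or x) is set on $1.
# Uses only POSIX find options; -prune stops descent if $1 is a directory.
world_bits_set() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -print 2>/dev/null)" ]
}

# Apply the report's fix: owner rw, group r, nothing for other (mode 640).
# Returns 0 if the file is safe afterwards, 1 on failure, 2 if skipped.
harden_secret_file() {
    file=$1
    group=${2:-www-data}    # group the web server runs as (from the report)

    # Refuse symlinks and non-regular files: chmod would follow a symlink
    # and change the mode of whatever it points to.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "skip: $file is not a regular file" >&2
        return 2
    fi

    if ! world_bits_set "$file"; then
        echo "ok: $file is not accessible to other"
        return 0
    fi

    chgrp "$group" "$file" || return 1
    chmod 640 "$file" || return 1

    # Verify instead of assuming the change took effect.
    if world_bits_set "$file"; then
        return 1
    fi
    echo "fixed: $file now mode 640, group $group"
}

# Demo on a constructed temporary file. The target named in the report is
# /usr/lib/bookmarker/lib/bklocal.inc with group www-data, run as root.
demo=$(mktemp) && chmod 644 "$demo"
harden_secret_file "$demo" "$(id -gn)"
rm -f "$demo"
```

Mode 640 only helps when the web server reads the file through its group; the report's second suggestion, denying access to the file through the web server, is a separate Apache configuration change.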



Received: (at 134069-close) by bugs.debian.org; 27 Feb 2002 01:07:18 +0000
>From katie@auric.debian.org Tue Feb 26 19:07:18 2002
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 16fsYw-0003s7-00; Tue, 26 Feb 2002 19:07:18 -0600
Received: from katie by auric.debian.org with local (Exim 3.12 1 (Debian))
	id 16fsFQ-0006qX-00; Tue, 26 Feb 2002 19:47:08 -0500
From: Jason Thomas <jason@debian.org>
To: 134069-close@bugs.debian.org
X-Katie: $Revision: 1.8 $
Subject: Bug#134069: fixed in bookmarker 2.7.0-2.1
Message-Id: <E16fsFQ-0006qX-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Tue, 26 Feb 2002 19:47:08 -0500
Delivered-To: 134069-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
bookmarker, which is due to be installed in the Debian FTP archive:

  to pool/main/b/bookmarker/bookmarker_2.7.0-2.1.diff.gz
  to pool/main/b/bookmarker/bookmarker_2.7.0-2.1.dsc
  to pool/main/b/bookmarker/bookmarker_2.7.0-2.1_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 134069@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Jason Thomas <jason@debian.org> (supplier of updated bookmarker package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Format: 1.7
Date: Wed, 27 Feb 2002 09:12:02 +1100
Source: bookmarker
Binary: bookmarker
Architecture: source all
Version: 2.7.0-2.1
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Jason Thomas <jason@debian.org>
Description:
 bookmarker - WWW based bookmark management, retrieval and search tool
Closes: 133858 134069
Changes:
 bookmarker (2.7.0-2.1) unstable; urgency=low
   * NMU
   * fixed typo in description. (closes: #133858)
   * fixed permissions on file which contains a username and password.
     (closes: #134069)
Files:
 c474572a1e094c72ccfc8785c0ee7906 617 web optional bookmarker_2.7.0-2.1.dsc
 69c14ae54edf23d186db5e3d098330d1 10615 web optional bookmarker_2.7.0-2.1.diff.gz
 31c1a338836ffaf89b7e0dc69cb805de 108064 web optional bookmarker_2.7.0-2.1_all.deb
