Bug#360484: tripwire: Tripwire requires is policy text files "on line"--security problem

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#360484: tripwire: Tripwire requires is policy text files "on line"--security problem
From: David Baron <d_baron@012.net.il>
Date: Sun, 02 Apr 2006 18:46:11 +0300
Message-id: <[🔎] 20060402154611.20526.86875.reportbug@localhost>
Reply-to: David Baron <d_baron@012.net.il>, 360484@bugs.debian.org

Package: tripwire
Version: 2.3.1.2.0-7
Severity: important

Tripwire now requires its "policy" text files on line and will segfault
and crash with it/them.

For security reasons, it was recommended to keep these off line in safe
storage. Requiring them on line is not secure behavior and it always
worked with the encrypted/binary versions before.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (650, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-davidb
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages tripwire depends on:
ii  debconf [debconf-2.0]         1.4.72     Debian configuration management sy
ii  exim4                         4.60-5     metapackage to ease exim MTA (v4) 
ii  exim4-daemon-heavy [mail-tran 4.60-5+b1  exim MTA (v4) daemon with extended
ii  libc6                         2.3.6-4    GNU C Library: Shared libraries an
ii  libgcc1                       1:4.1.0-1  GCC support library
ii  libstdc++6                    4.1.0-1    The GNU Standard C++ Library v3

tripwire recommends no packages.

-- debconf information excluded

Reply to:

Prev by Date: Bug#360416: Other libswt related problem
Next by Date: Bug#360484: Might not be requiring the txt file!
Previous by thread: Bug#360416: Other libswt related problem
Next by thread: Bug#360484: Might not be requiring the txt file!
Index(es):
- Date
- Thread