[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#360484: tripwire: Tripwire requires is policy text files "on line"--security problem

Package: tripwire
Severity: important

Tripwire now requires its "policy" text files on line and will segfault
and crash with it/them.

For security reasons, it was recommended to keep these off line in safe
storage. Requiring them on line is not secure behavior and it always
worked with the encrypted/binary versions before.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (650, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-davidb
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages tripwire depends on:
ii  debconf [debconf-2.0]         1.4.72     Debian configuration management sy
ii  exim4                         4.60-5     metapackage to ease exim MTA (v4) 
ii  exim4-daemon-heavy [mail-tran 4.60-5+b1  exim MTA (v4) daemon with extended
ii  libc6                         2.3.6-4    GNU C Library: Shared libraries an
ii  libgcc1                       1:4.1.0-1  GCC support library
ii  libstdc++6                    4.1.0-1    The GNU Standard C++ Library v3

tripwire recommends no packages.

-- debconf information excluded

Reply to: