Bug#360484: tripwire: Tripwire requires is policy text files "on line"--security problem
Package: tripwire
Version: 2.3.1.2.0-7
Severity: important
Tripwire now requires its "policy" text files on line and will segfault
and crash with it/them.
For security reasons, it was recommended to keep these off line in safe
storage. Requiring them on line is not secure behavior and it always
worked with the encrypted/binary versions before.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (650, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-davidb
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages tripwire depends on:
ii debconf [debconf-2.0] 1.4.72 Debian configuration management sy
ii exim4 4.60-5 metapackage to ease exim MTA (v4)
ii exim4-daemon-heavy [mail-tran 4.60-5+b1 exim MTA (v4) daemon with extended
ii libc6 2.3.6-4 GNU C Library: Shared libraries an
ii libgcc1 1:4.1.0-1 GCC support library
ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3
tripwire recommends no packages.
-- debconf information excluded
Reply to: