
mantis security upgrade breaks user configuration



hi all,

i learned from the debian-security-announce mailing list that mantis (a
php bugtracking system) has insecure permissions on the config file that
stores the database password. so i did an 'apt-get update; apt-get
upgrade' and was quite surprised, as this upgrade didn't just fix
permissions on this file, but overwrote it without asking. it took me a
while to find out what happened, and even longer to restore the
settings i had in this file, because the update didn't even bother
backing up the original configuration.

so all you mantis users out there: be warned! make a copy of your
/etc/mantis/config.php before upgrading. also if you don't use the
default apache include, be sure to delete the include line in your
apache conf after upgrading as the upgrade puts it in again, just to be
sure to screw up things right.

i'm very sorry for raising my voice, but WTF IS WRONG WITH THE GUY who
maintains this package??? the reason i am using debian is just to avoid
stuff like this. if i wanted upgrades to break my stuff i could as well
use red hat or something..


alexander

-- 
Alexander Meyer
Key ID: FA4FC80C
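
The precaution recommended in the message above, as an added example that is not part of the original post or of the mantis package: snapshot the config file into an owner-only directory before upgrading, then check afterwards whether it was overwritten or is still world-readable. The backup directory and the function names are assumptions of this example; only /etc/mantis/config.php comes from the post.

```shell
#!/bin/sh
# Added example. CONF is the path named in the post; BACKUP_DIR and all
# function names are hypothetical choices made for this illustration.
CONF="${CONF:-/etc/mantis/config.php}"
BACKUP_DIR="${BACKUP_DIR:-/root/conf-backups}"

# Copy the file into a directory only the owner can enter. The copy holds
# the database password too, so it must not be readable by group or other.
# Prints the path of the saved copy.
backup_conf() {
    src="$1"; dir="$2"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    dst="$dir/$(basename "$src").pre-upgrade"
    ( umask 077
      mkdir -p "$dir" && chmod 700 "$dir" &&
      cp -p "$src" "$dst" && chmod go-rwx "$dst" ) || return 1
    echo "$dst"
}

# Succeeds (exit 0) if "other" users can read the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Succeeds if the live file no longer matches the saved copy.
conf_changed() {
    ! cmp -s "$1" "$2"
}

# Run after the upgrade: reports an overwritten file and loose permissions.
# Returns 0 only if the file is unchanged and not world-readable.
check_after_upgrade() {
    live="$1"; saved="$2"; rc=0
    if conf_changed "$live" "$saved"; then
        echo "CHANGED: $live differs from $saved (diff the two to restore settings)"
        rc=1
    fi
    if world_readable "$live"; then
        echo "PERMS: $live is world-readable"
        rc=1
    fi
    return $rc
}
```

Typical use as root: `saved=$(backup_conf "$CONF" "$BACKUP_DIR")` before the upgrade, then `check_after_upgrade "$CONF" "$saved"` once it finishes.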


