Re: mantis security upgrade breaks user configuration

To: Debian User Mailinglist <debian-user@lists.debian.org>
Subject: Re: mantis security upgrade breaks user configuration
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 3 Jul 2003 17:45:20 +0100
Message-id: <[🔎] 20030703164520.GA2185@riva.ucam.org>
Mail-followup-to: Debian User Mailinglist <debian-user@lists.debian.org>
In-reply-to: <[🔎] 20030703122612.GA584@spot-media.de>
References: <[🔎] 20030703122612.GA584@spot-media.de>

On Thu, Jul 03, 2003 at 02:26:12PM +0200, Alexander Meyer wrote:
> i learned from the debian-security-announce mailinglist that mantis (a
> php bugtracking system) has insecure permissions on the configfile that
> stores the database password. so i did an 'apt-get update ;apt-get
> upgrade' and was quite surprised, as this upgrade didn't just fix
> permissions on this file, but overwrote it without asking. it took me a
> while to find out what happened, and even longer, to restore the
> settings i had in this file, because the update didn't even bother
> backing up the original configuration.

That's a serious bug. Please report it as such.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- mantis security upgrade breaks user configuration
  - From: Alexander Meyer <"Alexander Meyer <ali@arles-electrique.de>"@spot-media.de>

Prev by Date: Re: Activating vim color?
Next by Date: Re: Does anyone use an All-in-One Printer!
Previous by thread: mantis security upgrade breaks user configuration
Next by thread: Re: mantis security upgrade breaks user configuration
Index(es):
- Date
- Thread