Package: horde3
Version: 3.0.5-1
Severity: critical
Tags: security
Justification: root security hole

In the README.Debian, in section 6, it is recommended that the end user executes:

    chown root.www config/*
    chmod 0440 config/*

because "Some of Horde's configuration files contain passwords which local users could use to access your database". This is something that should be done by the maintainer scripts and not left up to the end user to do.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages horde3 depends on:
ii  apache [httpd]               1.3.33-7     versatile, high-performance HTTP s
ii  libapache-mod-php4 [phpapi-2 4:4.3.10-15  server-side, HTML-embedded scripti
ii  php4                         4:4.3.10-15  server-side, HTML-embedded scripti
ii  php4-cli [phpapi-20020918]   4:4.3.10-15  command-line interpreter for the p
ii  php4-domxml                  4:4.3.10-15  XMLv2 module for php4
ii  php4-pear                    4:4.3.10-15  PEAR - PHP Extension and Applicati
ii  php4-pear-log                1.6.0-1.1    Log module for PEAR

Versions of packages horde3 recommends:
ii  logrotate                    3.7.1-2      Log rotation utility
pn  php-date                     <none>       (no description available)
pn  php-file                     <none>       (no description available)
pn  php-mail-mime                <none>       (no description available)
pn  php-services-weather         <none>       (no description available)
pn  php4-gd | php4-gd2           <none>       (no description available)
pn  php4-mcrypt                  <none>       (no description available)
pn  php4-mysql | php4-pgsql | php <none>      (no description available)

-- no debconf information
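The two README commands as shell functions with an audit step that a maintainer script or an administrator could run, added here as an example and not taken from the horde3 package or its README. The function names and the default group are assumptions, and `-perm /MODE` requires GNU find.

```shell
#!/bin/sh
# Added example: audit and tighten a Horde-style config directory.
# Assumption: the group is "www" as in the README; on many Debian systems
# the web server group is www-data, so pass the real group as argument 2.

# Print each regular file directly in DIR whose mode grants anything beyond
# 0440. 0337 is every permission bit outside 0440; "-perm /0337" (GNU find)
# matches when any of those bits is set.
audit_config_perms() {
    find "$1" -maxdepth 1 -type f -perm /0337 -print
}

# Print each regular file directly in DIR that is not owned by root or is
# not in the expected group.
audit_config_owner() {
    find "$1" -maxdepth 1 -type f \( ! -user root -o ! -group "$2" \) -print
}

# Apply the README's chown and chmod to the files in DIR.
# chown needs root, so it is skipped with a warning when run unprivileged.
harden_config() {
    dir=$1
    group=${2:-www}
    if [ "$(id -u)" -eq 0 ]; then
        find "$dir" -maxdepth 1 -type f -exec chown "root:$group" {} + || return 1
    else
        echo "not root: skipping chown root:$group" >&2
    fi
    find "$dir" -maxdepth 1 -type f -exec chmod 0440 {} +
}
```

Unlike the `config/*` glob in the README, `find` also covers dotfiles in the directory.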