Package: horde3
Version: 3.0.5-1
Severity: critical
Tags: security
Justification: root security hole

In the README.Debian, in section 6, it is recommended that the end
user executes:

         chown root.www config/*
         chmod 0440 config/*

because "Some of Horde's configuration files contain passwords which
local users could use to access your database".

This is something that should be done by the maintainer scripts and not
left up to the end user to do.


-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages horde3 depends on:
ii  apache [httpd]               1.3.33-7    versatile, high-performance HTTP s
ii  libapache-mod-php4 [phpapi-2 4:4.3.10-15 server-side, HTML-embedded scripti
ii  php4                         4:4.3.10-15 server-side, HTML-embedded scripti
ii  php4-cli [phpapi-20020918]   4:4.3.10-15 command-line interpreter for the p
ii  php4-domxml                  4:4.3.10-15 XMLv2 module for php4
ii  php4-pear                    4:4.3.10-15 PEAR - PHP Extension and Applicati
ii  php4-pear-log                1.6.0-1.1   Log module for PEAR

Versions of packages horde3 recommends:
ii  logrotate                     3.7.1-2    Log rotation utility
pn  php-date                      <none>     (no description available)
pn  php-file                      <none>     (no description available)
pn  php-mail-mime                 <none>     (no description available)
pn  php-services-weather          <none>     (no description available)
pn  php4-gd | php4-gd2            <none>     (no description available)
pn  php4-mcrypt                   <none>     (no description available)
pn  php4-mysql | php4-pgsql | php <none>     (no description available)

-- no debconf information


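A check for the state the README asks for, as an added example that is not part of the original bug report or of the horde3 package: it lists config files that grant any access to "other" and applies the README's mode 0440. The function names and the `CONFIG_GROUP` variable (defaulting to `www`, taken from the README's `root.www`) are assumptions.

```shell
#!/bin/sh
# Added example: audit and tighten a Horde-style config directory.
# Hypothetical helper names; CONFIG_GROUP defaults to "www" as in the
# README's "chown root.www", but the web server's group varies by system.

# Print every regular file directly under $1 that grants read, write or
# execute permission to "other" (any local user).
list_world_accessible() {
    find "$1" -maxdepth 1 -type f \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Count those files; 0 means no config file is exposed to local users.
count_world_accessible() {
    list_world_accessible "$1" | wc -l | tr -d ' '
}

# Apply the README's settings to the files in $1: mode 0440 and, when
# running as root, owner root with group $CONFIG_GROUP. The ownership
# change is skipped for unprivileged runs, where chown would fail.
harden_config_dir() {
    dir=$1
    group=${CONFIG_GROUP:-www}
    if [ "$(id -u)" -eq 0 ]; then
        find "$dir" -maxdepth 1 -type f \
            -exec chown "root:$group" {} + || return 1
    fi
    find "$dir" -maxdepth 1 -type f -exec chmod 0440 {} +
}

# Usage (path is a placeholder):
#   count_world_accessible /path/to/horde/config
#   harden_config_dir /path/to/horde/config
```

A non-zero count before hardening means the database passwords in those files are readable by every local account on the host.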