-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 13 Sep 2004 16:32:07 -0400
Source: usermin
Binary: usermin-commands usermin-postgresql usermin-procmail usermin-gnupg 
usermin-cshrc usermin-mysql usermin-ssh usermin-usermount usermin-tunnel 
usermin-mailbox usermin-spamassassin usermin-quota usermin-proc usermin-updown 
usermin-htaccess usermin-cron usermin-plan usermin usermin-forward usermin-at 
usermin-chfn usermin-shell usermin-fetchmail usermin-man usermin-htpasswd 
usermin-changepass
Architecture: source all
Version: 1.090-1
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <[EMAIL PROTECTED]>
Changed-By: Jaldhar H. Vyas <[EMAIL PROTECTED]>
Description: 
 usermin    - A web interface for user tasks
 usermin-at - An at(1) module for the usermin web-based administration tool
 usermin-changepass - A password module for the usermin web-based administration tool
 usermin-chfn - A user details module for the usermin web-based admin tool
 usermin-commands - A custom commands module for the usermin web-based admin tool
 usermin-cron - A cron module for the usermin web-based administration tool
 usermin-cshrc - A .cshrc module for the usermin web-based administration tool
 usermin-fetchmail - A fetchmail module for the usermin web-based administration tool
 usermin-forward - A .forward module for the usermin web-based administration tool
 usermin-gnupg - A GnuPG module for the usermin web-based administration tool
 usermin-htaccess - An htaccess config module for the usermin web-based admin tool
 usermin-htpasswd - An htpasswd config module for the usermin web-based admin tool
 usermin-mailbox - A mailbox module for the usermin web-based administration tool
 usermin-man - A man module for the usermin web-based administration tool
 usermin-mysql - A mysql module for the usermin web-based administration tool
 usermin-plan - A .plan module for the usermin web-based administration tool
 usermin-postgresql - A postgresql module for the usermin web-based administration tool
 usermin-proc - A process module for the usermin web-based administration tool
 usermin-procmail - A procmail module for the usermin web-based administration tool
 usermin-quota - A quota module for the usermin web-based administration tool
 usermin-shell - A command shell for the usermin web-based administration tool
 usermin-spamassassin - Spamassassin module for the usermin web-based administration 
tool
 usermin-ssh - An SSH module for the usermin web-based administration tool
 usermin-tunnel - An HTTP tunnel module for the usermin web-based admin tool
 usermin-updown - A file transfer module for the usermin web-based admin tool
 usermin-usermount - A file system mount module for the usermin web-based admin tool
Closes: 237541 253890 271252
Changes: 
 usermin (1.090-1) unstable; urgency=high
 .
   * New upstream version.
   * [SECURITY] This version fixes the following security problems:
     CAN-2004-0559
     A security hole in the maketemp.pl script, used to create the
     /tmp/.usermin directory at install time. If an un-trusted user creates this
     directory before usermin is installed, he could create in it a symbolic
     link pointing to a critical file on the system, which would be overwritten
     when usermin writes to the link filename.
 .
     (CAN-2004-0588) SNS Advisory No.77 "Usermin Remote Arbitrary Shell Command
     ExecutionVulnerability" -  A vulnerability in Usermin's Web mail function
     could result in arbitrary OS command execution upon viewing a specially
     crafted HTML  mail.
 .
     Also just for the record, 1.080-1 had fixed:
     SNS Advisory No.73 "Usermin Cross-site Scripting Vulnerability"
     and
     (CAN-2004-0583) SNS Advisory No.75 "Webmin/Usermin Account Lockout Bypass
     Vulnerability"
 .
     (Closes: #271252, #253890)
   * Made usermin-procs config world readable so that usermin-gnupg works
     properly.  Thanks to Jochen Pawletta for his work on solving this.
     (Closes: #237541)
   * Add a note to README.Debian documenting that usermin modules are
     disabled by default.  You need to use webmin-usermin to enable them
     with access controls to your satisfaction.
   * usermin package now recommends webmin-usermin
   * orphaned.
Files: 
 ba09ca2064c88344ba2ad109cbb3556c 979 admin optional usermin_1.090-1.dsc
 7ae8f94d5079048a265351ebcbf25f7c 1708432 admin optional usermin_1.090.orig.tar.gz
 b23f7baa2786196c9ad5a4c2aa7e899e 15526 admin optional usermin_1.090-1.diff.gz
 90c46c6e22380ecd5b6b0212c79dfab7 455962 admin optional usermin_1.090-1_all.deb
 59dc4b1d845d733652d271a4f24f0e04 20476 admin optional usermin-at_1.090-1_all.deb
 511d9b48498af8b06d8f277989f78018 16248 admin optional 
usermin-changepass_1.090-1_all.deb
 3d4a15d815df165ec0e380010156e728 12192 admin optional usermin-chfn_1.090-1_all.deb
 058a53f479aaaf34f0b2ba02f22cefdc 27062 admin optional usermin-commands_1.090-1_all.deb
 53d3ca8517f4388b900fb2591aff7ff1 61630 admin optional usermin-cron_1.090-1_all.deb
 eb9c85e952b0919bf2aa7cc69811ee6e 8242 admin optional usermin-cshrc_1.090-1_all.deb
 02b473a6e5d18385cb19191f72ca2459 35090 admin optional 
usermin-fetchmail_1.090-1_all.deb
 eb17dd41004e57212d92d0bcf97b3ebc 24636 admin optional usermin-forward_1.090-1_all.deb
 45113dd3b1c049e6f8414463ea8d0010 28734 admin optional usermin-gnupg_1.090-1_all.deb
 83951218ad26c175519d94028c7b4b75 269508 admin optional 
usermin-htaccess_1.090-1_all.deb
 3b5358b460c5cbb4430568388909df0c 19728 admin optional usermin-htpasswd_1.090-1_all.deb
 b6195680c5cd9ea2c2adbde9c508e555 162922 admin optional usermin-mailbox_1.090-1_all.deb
 f9214b87a0c37190324f463abcba2a3b 35242 admin optional usermin-man_1.090-1_all.deb
 0ba32404a60777e02e518f81c0fc1b5d 146710 admin optional usermin-mysql_1.090-1_all.deb
 8845a668991fba07dd7487f0165040a0 9718 admin optional usermin-plan_1.090-1_all.deb
 ab689804cc10998c4decaa95fdbe274b 119762 admin optional 
usermin-postgresql_1.090-1_all.deb
 997019bf36c152955b68a267936fbb67 73896 admin optional usermin-proc_1.090-1_all.deb
 dce6a9a8b0f38801d4bf7af89796fe27 26130 admin optional usermin-procmail_1.090-1_all.deb
 95aa31a21e859bd241a1bf61f0418019 46980 admin optional usermin-quota_1.090-1_all.deb
 4692c978554200837aaa678cc91a6895 61310 admin optional usermin-shell_1.090-1_all.deb
 b204487f83c3e16a28fb52d58e5703b8 87514 admin optional 
usermin-spamassassin_1.090-1_all.deb
 a96037994348256c3d75a568b45f749b 44020 admin optional usermin-ssh_1.090-1_all.deb
 84d5e8d9aa337481579b22f67cfc5be0 10856 admin optional usermin-tunnel_1.090-1_all.deb
 c4c22bdbcd96ee03077e68365bc48ba1 20388 admin optional usermin-updown_1.090-1_all.deb
 3dbdb685f7ef43897750a603274b1581 88100 admin optional 
usermin-usermount_1.090-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBRgVo2kYOR+5txmoRAuGNAJwNKvD2vNdwKiJw86gle9DemyA/XQCgq5Yc
s/N3EnnltTmdjRYShJwMnoU=
=8i/U
-----END PGP SIGNATURE-----


Accepted:
usermin-at_1.090-1_all.deb
  to pool/main/u/usermin/usermin-at_1.090-1_all.deb
usermin-changepass_1.090-1_all.deb
  to pool/main/u/usermin/usermin-changepass_1.090-1_all.deb
usermin-chfn_1.090-1_all.deb
  to pool/main/u/usermin/usermin-chfn_1.090-1_all.deb
usermin-commands_1.090-1_all.deb
  to pool/main/u/usermin/usermin-commands_1.090-1_all.deb
usermin-cron_1.090-1_all.deb
  to pool/main/u/usermin/usermin-cron_1.090-1_all.deb
usermin-cshrc_1.090-1_all.deb
  to pool/main/u/usermin/usermin-cshrc_1.090-1_all.deb
usermin-fetchmail_1.090-1_all.deb
  to pool/main/u/usermin/usermin-fetchmail_1.090-1_all.deb
usermin-forward_1.090-1_all.deb
  to pool/main/u/usermin/usermin-forward_1.090-1_all.deb
usermin-gnupg_1.090-1_all.deb
  to pool/main/u/usermin/usermin-gnupg_1.090-1_all.deb
usermin-htaccess_1.090-1_all.deb
  to pool/main/u/usermin/usermin-htaccess_1.090-1_all.deb
usermin-htpasswd_1.090-1_all.deb
  to pool/main/u/usermin/usermin-htpasswd_1.090-1_all.deb
usermin-mailbox_1.090-1_all.deb
  to pool/main/u/usermin/usermin-mailbox_1.090-1_all.deb
usermin-man_1.090-1_all.deb
  to pool/main/u/usermin/usermin-man_1.090-1_all.deb
usermin-mysql_1.090-1_all.deb
  to pool/main/u/usermin/usermin-mysql_1.090-1_all.deb
usermin-plan_1.090-1_all.deb
  to pool/main/u/usermin/usermin-plan_1.090-1_all.deb
usermin-postgresql_1.090-1_all.deb
  to pool/main/u/usermin/usermin-postgresql_1.090-1_all.deb
usermin-proc_1.090-1_all.deb
  to pool/main/u/usermin/usermin-proc_1.090-1_all.deb
usermin-procmail_1.090-1_all.deb
  to pool/main/u/usermin/usermin-procmail_1.090-1_all.deb
usermin-quota_1.090-1_all.deb
  to pool/main/u/usermin/usermin-quota_1.090-1_all.deb
usermin-shell_1.090-1_all.deb
  to pool/main/u/usermin/usermin-shell_1.090-1_all.deb
usermin-spamassassin_1.090-1_all.deb
  to pool/main/u/usermin/usermin-spamassassin_1.090-1_all.deb
usermin-ssh_1.090-1_all.deb
  to pool/main/u/usermin/usermin-ssh_1.090-1_all.deb
usermin-tunnel_1.090-1_all.deb
  to pool/main/u/usermin/usermin-tunnel_1.090-1_all.deb
usermin-updown_1.090-1_all.deb
  to pool/main/u/usermin/usermin-updown_1.090-1_all.deb
usermin-usermount_1.090-1_all.deb
  to pool/main/u/usermin/usermin-usermount_1.090-1_all.deb
usermin_1.090-1.diff.gz
  to pool/main/u/usermin/usermin_1.090-1.diff.gz
usermin_1.090-1.dsc
  to pool/main/u/usermin/usermin_1.090-1.dsc
usermin_1.090-1_all.deb
  to pool/main/u/usermin/usermin_1.090-1_all.deb
usermin_1.090.orig.tar.gz
  to pool/main/u/usermin/usermin_1.090.orig.tar.gz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to