Your message dated Sat, 12 Mar 2005 17:47:39 GMT
with message-id <[EMAIL PROTECTED]>
and subject line mozilla-browser: password expiry time can be changed by anyone
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Feb 2002 10:07:13 +0000
>From [EMAIL PROTECTED] Wed Feb 27 04:07:12 2002
Return-path: <[EMAIL PROTECTED]>
Received: from pot.cnuce.cnr.it [146.48.83.182]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 16g0zO-0001tY-00; Wed, 27 Feb 2002 04:07:10 -0600
Received: from pot by pot.cnuce.cnr.it with local (Exim 3.34 #1 (Debian))
id 16g0zM-0006NE-00; Wed, 27 Feb 2002 11:07:08 +0100
From: Francesco Potorti` <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: mozilla-browser: password expiry time can be changed by anyone
X-Debbugs-CC: Francesco Potorti` <[EMAIL PROTECTED]>
Organization:
X-fingerprint: 4B2 6187 5C3 D6B1 2E31 7666 9DF 2DC9 BE21 6115
Message-Id: <[EMAIL PROTECTED]>
Date: Wed, 27 Feb 2002 11:07:08 +0100
Delivered-To: [EMAIL PROTECTED]
Package: mozilla-browser
Version: 2:0.9.8-2
Severity: normal
The password expiry time, which decides how much time should pass before
asking you the master password again, can be changed without entering
the master password itself. This is a serious security hole, because I
can set it to 2 minutes and go away from the room. Then someone gets
in, changes the time to 1000 minutes, and the next time they can use my
master password without me noticing anything.
-- System Information
Debian Release: 3.0
Kernel Version: Linux pot.cnuce.cnr.it 2.2.19 #6 Fri Sep 7 18:53:23 CEST 2001
i686 unknown
Versions of the packages mozilla-browser depends on:
ii debconf 1.0.25 Debian configuration management system
ii libc6 2.2.5-3 GNU C Library: Shared libraries and Timezone
ii libglib1.2 1.2.10-4 The GLib library of C routines
ii libgtk1.2 1.2.10-9 The GIMP Toolkit set of widgets for X
ii libjpeg62 6b-5 The Independent JPEG Group's JPEG runtime li
ii libnspr4 0.9.8-2 Netscape Portable Runtime Library
ii libstdc++2.10- 2.95.4-1 The GNU stdc++ library
ii xlibs 4.1.0-14 X Window System client libraries
ii zlib1g 1.1.3-19 compression library - runtime
---------------------------------------
Received: (at 136020-done) by bugs.debian.org; 12 Mar 2005 17:47:41 +0000
>From [EMAIL PROTECTED] Sat Mar 12 09:47:41 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 48.host.terra.es (tfdsmtp2.mail.isp) [213.4.129.48]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DAAiC-0008CI-00; Sat, 12 Mar 2005 09:47:40 -0800
Received: from teleline.es ([10.20.4.99]) by tfdsmtp2.mail.isp
(Netscape Messaging Server 4.15 tfdsmtp2 Mar 14 2002 21:29:48)
with ESMTP id ID92RE01.SRS for <[EMAIL PROTECTED]>;
Sat, 12 Mar 2005 18:47:38 +0100
Disposition-Notification-To: ROBERTOJIMENOCA <[EMAIL PROTECTED]>
From: ROBERTOJIMENOCA <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
Date: Sat, 12 Mar 2005 17:47:39 GMT
X-Mailer: Netscape Webmail
MIME-Version: 1.0
Content-Language: es
Subject: Re: mozilla-browser: password expiry time can be changed by
anyone
X-Accept-Language: es
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-1.0 required=4.0 tests=BAYES_20,
RCVD_IN_BL_SPAMCOP_NET,ROBERTOJIMENOCA autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Lock your session.
If you left your session open someone would be able to put a keylogger
to get your password.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
