Your message dated Sun, 12 Apr 2009 17:02:03 +0000
with message-id <[email protected]>
and subject line Bug#523476: fixed in pptp-linux 1.7.2-2
has caused the Debian Bug report #523476,
regarding pptp-linux: pptpsetup permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
523476: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523476
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: pptp-linux
severity: important
tags: security
Hello,
Fedora issued the following update for pptp-linux, which they have
tagged as security-related:
This update corrects the behaviour of pptpsetup when its --delete
option is used, retaining the permissions of /etc/ppp/chap-secrets
rather than creating a new file that is likely to be world-readable.
If you have previously used the --delete option of pptpsetup, you
should reset the permissions of /etc/ppp/chap-secrets to their
default value of 0600 unless you have good reasons to use another
value:
# chmod 600 /etc/ppp/chap-secrets
Is this problem present in Debian, and should it be of concern to the
security team? From my perspective, the problem seems rather
insignificant, but I will defer to your opinion as the maintainer.
See the Fedora security announcement for more details [1].
Thanks for your assistance on this issue.
[1] http://lwn.net/Articles/328042/
--- End Message ---
--- Begin Message ---
Source: pptp-linux
Source-Version: 1.7.2-2
We believe that the bug you reported is fixed in the latest version of
pptp-linux, which is due to be installed in the Debian FTP archive:
pptp-linux_1.7.2-2.diff.gz
to pool/main/p/pptp-linux/pptp-linux_1.7.2-2.diff.gz
pptp-linux_1.7.2-2.dsc
to pool/main/p/pptp-linux/pptp-linux_1.7.2-2.dsc
pptp-linux_1.7.2-2_i386.deb
to pool/main/p/pptp-linux/pptp-linux_1.7.2-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ola Lundqvist <[email protected]> (supplier of updated pptp-linux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 12 Apr 2009 18:48:18 +0200
Source: pptp-linux
Binary: pptp-linux
Architecture: source i386
Version: 1.7.2-2
Distribution: unstable
Urgency: low
Maintainer: Ola Lundqvist <[email protected]>
Changed-By: Ola Lundqvist <[email protected]>
Description:
pptp-linux - Point-to-Point Tunneling Protocol (PPTP) Client
Closes: 523476
Changes:
pptp-linux (1.7.2-2) unstable; urgency=low
.
* Make sure that the pptpsetup --delete option does not make passwords
in chap-secrets file visible to anyone. Closes: #523476.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkniG3IACgkQGKGxzw/lPdkTLwCfasxl8MlV0Ab0E2Gw2oxiSYMh
C+MAoKWaDBg6nvXRBjZsceh1WPBN/tEf
=qSkN
-----END PGP SIGNATURE-----
--- End Message ---
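The flaw described in the report and the mode-preserving rewrite that avoids it, as an added example that is not pptpsetup's own code or part of either message. The function names, sample entries and scratch paths are constructed for illustration, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example. Paths are parameters; nothing here touches /etc/ppp.

# Model of the bug: the rewritten copy is a brand-new file, so its mode
# comes from the process umask instead of from the original file.
delete_entry_unsafe() {
    file=$1; tunnel=$2
    awk -v t="$tunnel" '$2 != t' "$file" > "$file.new" &&
        mv -f "$file.new" "$file"
}

# Hardened: mktemp creates the copy as 0600 in the same directory, the
# original's mode is applied to it, then rename() swaps it into place.
delete_entry_safe() {
    file=$1; tunnel=$2
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if awk -v t="$tunnel" '$2 != t' "$file" > "$tmp" &&
       chmod "$(stat -c %a "$file")" "$tmp"; then
        mv -f "$tmp" "$file"
    else
        rm -f "$tmp"; return 1
    fi
}

# Audit check: succeeds only when group and other have no access.
secrets_mode_ok() {
    mode=$(stat -c %a "$1") || return 1
    case $mode in
        0|*00) return 0 ;;
        *) echo "$1: mode $mode exposes secrets" >&2; return 1 ;;
    esac
}

# Constructed sample in chap-secrets layout: client server secret IPs.
make_sample() {
    printf '%s\n' 'alice workvpn "constructed-pw-1" *' \
                  'alice labvpn "constructed-pw-2" *' > "$1"
    chmod 600 "$1"
}

# Demo in a scratch directory with a typical 022 umask (subshell body
# keeps the umask change and variables out of the caller's shell).
demo() (
    d=$(mktemp -d) || exit 1; umask 022
    make_sample "$d/a"; delete_entry_unsafe "$d/a" labvpn
    make_sample "$d/b"; delete_entry_safe "$d/b" labvpn
    echo "unsafe: $(stat -c %a "$d/a")  safe: $(stat -c %a "$d/b")"
    rm -rf "$d"
)
demo
```

Running `secrets_mode_ok /etc/ppp/chap-secrets` as root on a host where `pptpsetup --delete` was used before the fix shows whether the `chmod 600` reset from the advisory is still needed.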