Your message dated Tue, 28 Apr 2009 05:02:04 +0000
with message-id <[email protected]>
and subject line Bug#523476: fixed in pptp-linux 1.7.2-3
has caused the Debian Bug report #523476,
regarding pptp-linux: pptpsetup permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
523476: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523476
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: pptp-linux
severity: important
tags: security
Hello,
Fedora issued the following update for pptp-linux, which they have
tagged as security-related:
This update corrects the behaviour of pptpsetup when its --delete
option is used, retaining the permissions of /etc/ppp/chap-secrets
rather than creating a new file that is likely to be world-readable.
If you have previously used the --delete option of pptpsetup, you
should reset the permissions of /etc/ppp/chap-secrets to their
default value of 0600 unless you have good reasons to use another
value:
# chmod 600 /etc/ppp/chap-secrets
Is this problem present in Debian, and should it be of concern to the
security team? From my perspective, the problem seems rather
insignificant, but I will defer to your opinion as the maintainer.
See the Fedora security announcement for more details [1].
Thanks for your assistance on this issue.
[1] http://lwn.net/Articles/328042/
--- End Message ---
--- Begin Message ---
Source: pptp-linux
Source-Version: 1.7.2-3
We believe that the bug you reported is fixed in the latest version of
pptp-linux, which is due to be installed in the Debian FTP archive:
pptp-linux_1.7.2-3.diff.gz
to pool/main/p/pptp-linux/pptp-linux_1.7.2-3.diff.gz
pptp-linux_1.7.2-3.dsc
to pool/main/p/pptp-linux/pptp-linux_1.7.2-3.dsc
pptp-linux_1.7.2-3_i386.deb
to pool/main/p/pptp-linux/pptp-linux_1.7.2-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ola Lundqvist <[email protected]> (supplier of updated pptp-linux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 28 Apr 2009 06:47:47 +0200
Source: pptp-linux
Binary: pptp-linux
Architecture: source i386
Version: 1.7.2-3
Distribution: unstable
Urgency: high
Maintainer: Ola Lundqvist <[email protected]>
Changed-By: Ola Lundqvist <[email protected]>
Description:
pptp-linux - Point-to-Point Tunneling Protocol (PPTP) Client
Closes: 523476
Changes:
pptp-linux (1.7.2-3) unstable; urgency=high
.
* Instead of changing permissions after, make sure to set the proper
umask. Closes: #523476.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkn2issACgkQGKGxzw/lPdnECwCfQowr/tcUs8oFL6B6EbbF1ykU
OrsAn36CREcvn1X3Bw0FYpD91+L9w/2y
=p+ki
-----END PGP SIGNATURE-----
--- End Message ---
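
Added example, not part of the original messages and not pptpsetup's own code: the changelog entry above prefers setting the umask before the file is rewritten over changing permissions afterwards, and this sketch shows the resulting mode for both rewrite patterns. The function names, the temporary directory and the sample entries are constructed for illustration, and entries are matched on the first field only as a simplification.

```shell
#!/bin/sh
# Constructed demonstration; works on a throwaway directory, never /etc/ppp.

# Weak pattern: the replacement file is created under a permissive umask
# (022 is a common default), so it ends up mode 0644 and the secrets are
# readable by every local user once it is moved into place.
delete_entry_weak() {
    file=$1 name=$2
    ( umask 022
      awk -v n="$name" '$1 != n' "$file" > "$file.new"
      mv "$file.new" "$file" )
}

# Hardened pattern: restrict the umask before the new file exists.
# Unlike a chmod after the rewrite, this leaves no window in which the
# new file is readable by other users.
delete_entry_safe() {
    file=$1 name=$2
    ( umask 077
      awk -v n="$name" '$1 != n' "$file" > "$file.new"
      mv "$file.new" "$file" )
}

# Build a constructed secrets file with mode 0600, delete one entry with
# the function named in $1, then print "<octal mode> <remaining lines>".
# stat -c is the GNU coreutils form, as found on Debian.
run_case() {
    dir=$(mktemp -d) || return 1
    f="$dir/chap-secrets"
    ( umask 077
      printf '%s\n' 'alice PPTP s3cret-a *' 'bob PPTP s3cret-b *' > "$f" )
    "$1" "$f" alice
    echo "$(stat -c '%a' "$f") $(wc -l < "$f" | tr -d ' ')"
    rm -rf "$dir"
}

echo "weak: $(run_case delete_entry_weak)"
echo "safe: $(run_case delete_entry_safe)"
```

The same `stat -c '%a'` check against the real /etc/ppp/chap-secrets shows whether a past --delete run left the file at something other than 600.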