Your message dated Thu, 19 Jul 2012 11:32:10 +0000
with message-id <[email protected]>
and subject line Bug#676589: fixed in fex 20120718-1
has caused the Debian Bug report #676589,
regarding fex: /etc/fex/fex.ph permissions exposes $admin_pw to local users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
676589: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=676589
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: fex
Version: 20120215-3
Severity: normal
# ls -l /etc/fex/fex.ph
-rw-r--r-- 1 root root 3709 Jun 7 22:11 /etc/fex/fex.ph
This exposes the $admin_pw to local users on that machine.
A fix for this appears to be:
chown fex.fex /etc/fex/fex.ph
chmod 600 /etc/fex/fex.ph
Jim
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=UTF-8) (ignored: LC_ALL set to
en_AU.utf8)
Shell: /bin/sh linked to /bin/bash
Versions of packages fex depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.43
ii libdigest-md5-file-perl 0.08-1
ii libjs-jquery 1.7.2+debian-1
ii perl 5.14.2-11
ii ucf 3.0025+nmu3
ii unzip 6.0-6
ii xinetd [inet-superserver] 1:2.3.14-7.1
Versions of packages fex recommends:
ii fex-utils 20120215-3
ii libnet-dns-perl 0.66-2+b2
ii perl-modules 5.14.2-11
fex suggests no packages.
-- debconf information:
fex/lastver: 0
--- End Message ---
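An added example, not part of the original report or of the fex package: a shell check for the condition reported above, a /etc/fex/fex.ph that is readable beyond its owner or not owned by the service account. It assumes GNU coreutils stat as shipped on Debian; the function name check_secret_file is hypothetical.

```sh
#!/bin/sh
# Added example, not part of the fex package.
# Assumes GNU coreutils stat (Debian); check_secret_file is a made-up name.

# check_secret_file PATH OWNER
# Reports why PATH is unsafe for holding a secret such as $admin_pw.
# Returns 0 when clean, 1 when there are findings, 2 when PATH is missing.
check_secret_file() {
    csf_path=$1
    csf_want=$2
    if [ ! -e "$csf_path" ]; then
        echo "MISSING $csf_path"
        return 2
    fi
    # -L follows symlinks so the real file is judged, not the link.
    csf_mode=$(stat -L -c '%a' -- "$csf_path")
    csf_owner=$(stat -L -c '%U' -- "$csf_path")
    csf_rc=0
    # Any group/other bit (mask 077) lets accounts other than the owner in.
    if [ $(( 0$csf_mode & 077 )) -ne 0 ]; then
        echo "MODE $csf_path is $csf_mode, expected 600"
        csf_rc=1
    fi
    # With mode 600 only the owner can read, so the owner must be the
    # account the service runs as, otherwise the service loses access.
    if [ "$csf_owner" != "$csf_want" ]; then
        echo "OWNER $csf_path is $csf_owner, expected $csf_want"
        csf_rc=1
    fi
    return "$csf_rc"
}

# Usage: sh check.sh /etc/fex/fex.ph fex
if [ "$#" -ge 1 ]; then
    check_secret_file "$1" "${2:-fex}"
fi
```

Run against the state shown in the report (-rw-r--r-- root root), it prints both a MODE and an OWNER finding; after the chown and chmod from the report it returns 0.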
--- Begin Message ---
Source: fex
Source-Version: 20120718-1
We believe that the bug you reported is fixed in the latest version of
fex, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kilian Krause <[email protected]> (supplier of updated fex package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 19 Jul 2012 11:25:16 +0200
Source: fex
Binary: fex fex-utils
Architecture: source all
Version: 20120718-1
Distribution: unstable
Urgency: low
Maintainer: Giuseppe Iuculano <[email protected]>
Changed-By: Kilian Krause <[email protected]>
Description:
fex - web service for transferring very large files
fex-utils - web service for transferring very large files (utils)
Closes: 656631 676589 678211
Changes:
fex (20120718-1) unstable; urgency=low
.
* New upstream version 20120718
- F*IX removed (Closes: #678211)
- License changed from GPL to AGPL
- anonymous uploads (optional)
- better wget support
- minor bug fixes
* Update README.Debian to explain F*IX upstream situation (Closes: #656631)
* Depend on ssmtp | mail-transport-agent to make sure we can send email
(LP#938322)
* Fix /etc/fex/fex.ph permissions (Closes: #676589)
* Move fex.pl to /etc/fex/ to allow personalized HTML contents.
* Update manpages - big thanks to Michael Bussmann <[email protected]>!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFQB+8avdkzt4X+wX8RAhMvAJsH2nEHzvmEYCjbNrQxG9k9SjsH2QCfV9Lb
kdUCWMNBW9CkeboNgOGfbfc=
=M5nA
-----END PGP SIGNATURE-----
--- End Message ---