Your message dated Fri, 26 Sep 2014 12:42:17 +0200
with message-id <[email protected]>
and subject line Closing bug #747302
has caused the Debian Bug report #747302,
regarding Security flaw: deleted config files get restored
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
747302: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747302
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: asterisk
Version: 1.8.13.1~dfsg1-3+deb7u3
The Asterisk (open source telephony switching and private branch
exchange service) comes with many example config files in place
which post possible security risk as they configure features which
should not be present on a production system.
Now, if these config files are deleted they are restored by the next
update meaning that the system get screwed and it may lead to a security
problem.
Therfore I'd suggest that config files that are just examples (and not
feasible defaults like e.g. ) all be moved out of the /etc/asterisk to
some documentation directory.
Thanks!
--- End Message ---
--- Begin Message ---
The behaviour described in this bug is just standard conffile handling.
If you want to "cancel out" some config files, either:
- replace those files by empty ones (cp /dev/null
/etc/asterisk/SOMEFILE.conf)
or
- provide your own asterisk-config-custom package to completely override
asterisk's configuration
Cheers,
Jeremy
--- End Message ---
