Your message dated Thu, 26 Jan 2006 03:02:13 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#260775: fixed in oops 1.5.23.cvs-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 22 Jul 2004 06:25:03 +0000
>From [EMAIL PROTECTED] Wed Jul 21 23:25:03 2004
Return-path: <[EMAIL PROTECTED]>
Received: from n2.umc.com.ua [80.255.64.69]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BnX0p-0006Rn-00; Wed, 21 Jul 2004 23:25:03 -0700
Received: from dino.umc.com.ua (dino.umc.com.ua [172.20.168.25])
by n2.umc.com.ua (Postfix) with ESMTP id 63D5382A24
for <[EMAIL PROTECTED]>; Thu, 22 Jul 2004 09:24:59 +0300 (EEST)
Received: from rock.umc.com.ua (rock.umc.com.ua [172.20.7.11])
by dino.umc.com.ua (Postfix) with ESMTP id 5669182893
for <[EMAIL PROTECTED]>; Thu, 22 Jul 2004 09:24:59 +0300 (EEST)
Received: from ip6-localhost ([172.20.66.130])
by rock.umc.com.ua (Lotus Domino Release 6.5.2)
with ESMTP id 2004072209245719-20621 ;
Thu, 22 Jul 2004 09:24:57 +0300
Received: from mkut by ip6-localhost with local (Exim 4.34)
id 1BnX0j-0000q1-OI; Thu, 22 Jul 2004 09:24:57 +0300
MIME-Version: 1.0
From: Max Kutny <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: oops.cfg should not be readable worlwide
X-Mailer: reportbug 2.63
Date: Thu, 22 Jul 2004 09:24:57 +0300
Message-Id: <[EMAIL PROTECTED]>
Sender: Max Kutny <[EMAIL PROTECTED]>
X-MIMETrack: Itemize by SMTP Server on Domino/UMC/UA(Release 6.5.2|June 01,
2004) at
22.07.2004 09:24:57,
Serialize by Router on Domino/UMC/UA(Release 6.5.2|June 01, 2004) at
22.07.2004 09:24:58,
Serialize complete at 22.07.2004 09:24:58
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
Package: oops
Version: 1.5.23.cvs-2
Severity: normal
Tags: security
Permissions of /etc/oops/oops.cfg are root:root 644, that allows any
sensitive information (credentials to login to parent proxy, for
example) to be visible by everyone.
I believe that permissions like root:proxy 640 or event 660 are better
than provided by the package.
Even better solution would be to leave oops.cfg as world-readable and
move credential information to separate includable file with proper
permissions. Thus allowing a public information to be accessible by everyone.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-1-686
Locale: LANG=uk_UA.UTF-8, LC_CTYPE=uk_UA.UTF-8
Versions of packages oops depends on:
ii debconf 1.4.29 Debian configuration management sy
ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an
ii libdb3 3.2.9-20 Berkeley v3 Database Libraries [ru
ii libgcc1 1:3.4.1-2 GCC support library
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libstdc++5 1:3.3.4-5 The GNU Standard C++ Library v3
ii netbase 4.17 Basic TCP/IP networking system
-- debconf information:
* oops/httpport: 3128
* oops/format: true
* oops/icpport:
---------------------------------------
Received: (at 260775-close) by bugs.debian.org; 26 Jan 2006 11:10:23 +0000
>From [EMAIL PROTECTED] Thu Jan 26 03:10:23 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1F24tJ-0001xp-0S; Thu, 26 Jan 2006 03:02:13 -0800
From: Reinhard Tartler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#260775: fixed in oops 1.5.23.cvs-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 26 Jan 2006 03:02:13 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 3
Source: oops
Source-Version: 1.5.23.cvs-3
We believe that the bug you reported is fixed in the latest version of
oops, which is due to be installed in the Debian FTP archive:
oops_1.5.23.cvs-3.diff.gz
to pool/main/o/oops/oops_1.5.23.cvs-3.diff.gz
oops_1.5.23.cvs-3.dsc
to pool/main/o/oops/oops_1.5.23.cvs-3.dsc
oops_1.5.23.cvs-3_i386.deb
to pool/main/o/oops/oops_1.5.23.cvs-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <[EMAIL PROTECTED]> (supplier of updated oops package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 25 Jan 2006 18:32:14 +0000
Source: oops
Binary: oops
Architecture: source i386
Version: 1.5.23.cvs-3
Distribution: unstable
Urgency: low
Maintainer: Michael Zehrer <[EMAIL PROTECTED]>
Changed-By: Reinhard Tartler <[EMAIL PROTECTED]>
Description:
oops - caching HTTP proxy server written for performance
Closes: 231923 245184 260775 314906 316513 330322 332052 342325 349848
Changes:
oops (1.5.23.cvs-3) unstable; urgency=low
.
* Acknowledge NMUs (Closes: #316513, #330322, #332052, #314906, #260775)
* Add myself to uploaders
* remove '--disable-static-modules' from debian/rules. This breaks the
package in severe ways. (no -fPIC, no oopsctl and initscript fails)
(Closes: #342325)
* english only template html files (Closes: #245184)
* don't update config.{guess,sub} on clean. Do this manually instead!
* make initfile aware that /var/run can be tempfs (Closes: #349848)
* call configure with variable CC set to gcc. This makes configure use gcc
as linker instead of ld. (Closes: #231923)
* Updated standards version to 3.6.2.0 (no changes needed)
* Use debhelper compat level 5
.
* Upload sponsored by Norbert Tretkowski <[EMAIL PROTECTED]>
Files:
fd9c988ac3b8719263a333e16706b73c 700 web optional oops_1.5.23.cvs-3.dsc
957d1a659bc0abf1c05025911a11f7b9 107620 web optional oops_1.5.23.cvs-3.diff.gz
c54a502d99c43311cd7b047a7f4ba7eb 334610 web optional oops_1.5.23.cvs-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD2KkEr/RnCw96jQERAspaAKCVy8l8RMqiqBqtBDYJlDmUn3sHyACfb4NN
6RJNVOZ9Z3WleFrxFvCdxxA=
=vzrd
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
