Your message dated Wed, 22 Jan 2020 01:05:03 +0000
with message-id <[email protected]>
and subject line Bug#942162: fixed in glances 3.1.3-1
has caused the Debian Bug report #942162,
regarding glances: Unprotected XMLRPC server enabled by default
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
942162: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=942162
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: glances
Version: 3.1.0-1
Severity: normal
Dear Maintainer,
I recently found glances <https://packages.debian.org/buster/glances>
package has added an XMLRPC API server that provides access for remote
users. Unfortunately it requires no authentication, and worse, it binds to
0.0.0.0, meaning glances API is exposed to the whole network.
I suggest that the packager adds a random password on install, and remind
the user to change it afterwards.
-- System Information:
Debian Release: 10.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (90, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages glances depends on:
ii adduser 3.118
ii lsb-base 10.2019051400
ii node-normalize.css 8.0.1-3
ii python3 3.7.3-1
ii python3-pkg-resources 40.8.0-1
ii python3-psutil 5.5.1-1
Versions of packages glances recommends:
ii hddtemp 0.3-beta15-53
ii lm-sensors 1:3.5.0-3
ii python3-bottle 0.12.15-2
ii python3-docker 3.4.1-4
ii python3-influxdb 5.2.0-1
ii python3-matplotlib 3.0.2-2
ii python3-netifaces 0.10.4-1+b1
ii python3-pysnmp4 4.4.6+repack1-1
ii python3-pystache 0.5.4-6
Versions of packages glances suggests:
pn glances-doc <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: glances
Source-Version: 3.1.3-1
We believe that the bug you reported is fixed in the latest version of
glances, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Echeverry <[email protected]> (supplier of updated glances package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 17 Jan 2020 22:14:31 -0500
Source: glances
Architecture: source
Version: 3.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: Daniel Echeverry <[email protected]>
Changed-By: Daniel Echeverry <[email protected]>
Closes: 939073 942162
Changes:
glances (3.1.3-1) unstable; urgency=medium
.
* New upstream release. (Closes: #939073).
* debian/control
+ Add ${sphinxdoc:Depends} in Depends.
+ Bump to Standards-Version 4.4.1 (no changes needed).
+ Mark Rules-Requires-Root: no as we don't need root for building.
* debian/patches
+ Add 006_fix_broken_method_call.patch.
+ Add 007_fix_SyntaxWarning.patch.
+ Refresh 004_disable-pypi.patch.
+ Refresh 005_fix-typo.patch.
* Now glances server listen in 127.0.0.1 (Closes: #942162).
+ Read README.Debian file for more info.
* Update lintian-overrides file.
Checksums-Sha1:
4c02166f151ae10b313f1386589fdbd7aa910fb5 2122 glances_3.1.3-1.dsc
cb4c04db2155302f2ee3e1153dfe4b8f7f918f19 6759527 glances_3.1.3.orig.tar.gz
a5a628f4bb6b18aad1a43999d674ccc1a4e08368 11788 glances_3.1.3-1.debian.tar.xz
f4a211fa14bc1be384bdafab9633f460e8ce1c67 7475 glances_3.1.3-1_source.buildinfo
Checksums-Sha256:
c134b3c2aae3067ed4e608f323630bfa466d1d9feeca45e99c7dd739307973e8 2122
glances_3.1.3-1.dsc
e3e8f9362b82c74427522e82501b47696945251035b35282f9ee4bc533996220 6759527
glances_3.1.3.orig.tar.gz
2f3661c785e48ff49b2c0fc96195076c1c961a3df91f13356bdb6262951dc6d4 11788
glances_3.1.3-1.debian.tar.xz
1b864818d6ff62d2ad13a10f136e22080ac019cd16612863dac19d00dfa24f06 7475
glances_3.1.3-1_source.buildinfo
Files:
72d24722b7331f00580365165a2bb2d9 2122 utils optional glances_3.1.3-1.dsc
2be39211e69647d70313ea6a6d6a6a44 6759527 utils optional
glances_3.1.3.orig.tar.gz
0955e1d504d6aa38b4f8882f705e4082 11788 utils optional
glances_3.1.3-1.debian.tar.xz
6d174dd5a35fcec4d3bf88cef2be805f 7475 utils optional
glances_3.1.3-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJHBAEBCgAxFiEE0NCFsWnDv9lASFj6IfwpUEtSMNsFAl4nnQ0THGVwc2lsb25A
ZGViaWFuLm9yZwAKCRAh/ClQS1Iw2xagEAC3pWS1Wp8LxwWgByaHZbG8ofqu+pbt
9AO7Ko4/ehS/4FiiIZXsbDLr1gC5uP+cVJo+Lx0XvvpXPwMqdPiNVQUmTjni1d6Q
htKc6ID5ZCiy5oQS/etVc86Ptd3EIOf7NR888UlkDa9oaWfCIYfBLg0PV7wi/B+Q
gMDC2kmrcVDhAOAZLbIqnvm836pT4Z7DAjX++6Kb1pYjDiEgjAMptohYPa5A44BB
JOpYPXg43zjkBG90YFPUFzXt+0+XjsxaMU8nVCGgP32iGBQT8nC2clm33uqpoEBB
htdyyG6e7qdFMBcTm8/qpmf3EkbolakSZBX6GHFsBoReI9x1ZsJ+V/QK42iJqlsv
uQGA1DY5A0rlvkaJlZlBujPQLQNoI6d4qbfnq5rcWY3Z6KBq62PoEkxFml9MG778
dMdlbyYLUnFul2fAaE/CjxfxMMky2ruFbMXTWQrnKiUnh+Pmrq5huMeFk0bbC+8X
gZCOztH6v+WXIAVoi0+aRdShLpXcphaE64khnsNVxh3GVB1O8+5BaXBKnyKXsnnu
FODrezbM04CKihVqNQZdtWSq25e/ViRGckD+yjgWzI1v7wXynPzASeoXfgrUeEKL
z69EKJVh+E1z1CX9V7bBc7IpBu5NrGOAXnVA8Qztn5YP8PR6BeHAIHwbOtaV9Fbr
YFY2wamy+sNRrw==
=u8Co
-----END PGP SIGNATURE-----
--- End Message ---
