Package: horde2 Version: 2.2.7-7 Severity: important
/usr/share/horde2/test.php is word readable, and since it includes a phpinfo() function can expose php and apache settings. I suggest to make it 600 and add a note in README.Debian explaining the question and how to enable it to debug installation. Also please note php 4.3.11 has remove Net_Socket, MAIL and DB pear modules so when it will be released php4-pear will not have these needed pear modules, so seperate packages will be needed like php4-pear-log. Best Regards -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11-rc4 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages horde2 depends on: ii apache2-mpm-prefork [httpd] 2.0.54-2 traditional model for Apache2 ii binutils 2.15-5 The GNU assembler, linker and bina ii debconf 1.4.48 Debian configuration management sy ii gettext 0.14.4-1 GNU Internationalization utilities ii logrotate 3.7-2 Log rotation utility ii make 3.80-9 The GNU version of the "make" util ii perl 5.8.4-8 Larry Wall's Practical Extraction ii php4 4:4.3.10-12 server-side, HTML-embedded scripti ii php4-pear 4:4.3.10-12 PEAR - PHP Extension and Applicati ii php4-pear-log 1.6.0-1.1 Log module for PEAR ii wwwconfig-common 0.0.43 Debian web auto configuration -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
