Package: mantis
Version: 1.1.6+dfsg-2.5
Severity: important
Tags: security

Hi.

Mantis shouldn't install with an administrator account with a predictable password as currently done. Such a password should be random and saved somewhere for root users to retrieve.

The chances are too high that users forget to change it after installation, leading the way to data loss.

Hope this helps,

Best regards,

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-2-686 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages mantis depends on:
ii  apache2                   2.2.11-3        Apache HTTP Server metapackage
ii  apache2-mpm-prefork [http 2.2.11-3        Apache HTTP Server - traditional n
ii  dbconfig-common           1.8.41          common framework for packaging dat
ii  debconf [debconf-2.0]     1.5.26          Debian configuration management sy
ii  libapache2-mod-php5       5.2.9.dfsg.1-2  server-side, HTML-embedded scripti
ii  libnusoap-php             0.7.3-1         SOAP toolkit for PHP
ii  libphp-adodb              5.07-1          The ADOdb database abstraction lay
ii  libphp-phpmailer          2.1-1           full featured email transfer class
ii  php5-cli                  5.2.9.dfsg.1-2  command-line interpreter for the p
ii  ucf                       3.0018          Update Configuration File: preserv

Versions of packages mantis recommends:
ii  mysql-client-5.0 [mysql-c 5.0.51a-24      MySQL database client binaries
ii  php5-mysql                5.2.9.dfsg.1-2  MySQL module for php5

Versions of packages mantis suggests:
ii  mysql-server              5.0.51a-24      MySQL database server (metapackage
ii  mysql-server-5.0 [mysql-s 5.0.51a-24      MySQL database server binaries
ii  php5-cli                  5.2.9.dfsg.1-2  command-line interpreter for the p

-- debconf information excluded
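
The behaviour requested in the report above, sketched as an added example (it is not part of the original report and is not code from the mantis package): an install-time helper that generates a random initial administrator password and keeps it in a file only root can read. The function names and the file path in the comment are assumptions; how the password is then set on the Mantis account is not covered.

```shell
#!/bin/sh
# Added example: random initial admin password, stored for root to retrieve.
# Function names and paths are hypothetical, not taken from the package.

# Print a 32-character hex password (16 bytes, 128 bits) from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Create the password file $1 unless it already exists, so that a package
# upgrade or a re-run never silently replaces the installed password.
# Returns 0 if the file was created, 1 if it was already there, 2 on error.
store_initial_password() {
    file="$1"
    [ -e "$file" ] && return 1
    old_umask=$(umask)
    umask 077                       # nothing created here is group/world readable
    tmp=$(mktemp "${file}.XXXXXX") || { umask "$old_umask"; return 2; }
    gen_password > "$tmp"
    mv "$tmp" "$file"               # atomic rename: no half-written file is visible
    umask "$old_umask"
    return 0
}

# Hypothetical use from a maintainer script running as root:
#   store_initial_password /etc/mantis/initial_admin_password
```

Because the helper refuses to overwrite an existing file, the administrator can delete the file once the password has been changed through the application without a later upgrade recreating it unexpectedly at a different value for a live account.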

