Package: prosody
Version: 0.6.2-1
Severity: normal
Tags: security
X-Debbugs-CC: [email protected]
--- Please enter the report below this line. ---
Hi,
It seems that /var/lib/prosody and all subdirectory and files are world
readable. Since those files can contain plaintext password, it is very
annoying for public servers.
Please make sure that database can only be read by the prosody user.
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.32-3-686
Debian Release: squeeze/sid
500 unstable ftp.fr.debian.org
--- Package information. ---
Depends (Version) | Installed
=======================================-+-==============
adduser | 3.112
openssl | 0.9.8n-1
lua5.1 |
liblua5.1-0 | 5.1.4-5
liblua5.1-expat0 |
liblua5.1-socket2 |
libc6 (>= 2.2) | 2.10.2-6
libidn11 (>= 1.13) | 1.18-1
libssl0.9.8 (>= 0.9.8m-1) | 0.9.8n-1
liblua5.1-filesystem0 |
Recommends (Version) | Installed
=============================-+-===========
liblua5.1-sec1 |
Package's Suggests field is empty.
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
