Your message dated Sat, 20 Oct 2012 16:02:44 +0000
with message-id <[email protected]>
and subject line Bug#683649: fixed in extplorer 2.1.0b6+dfsg.3-4
has caused the Debian Bug report #683649,
regarding extplorer: creates world writable directory /var/lib/extplorer/ftp_tmp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
683649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683649
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: extplorer
Version: 2.1.0b6+dfsg.3-3
Severity: grave
Tags: security
Justification: user security hole
User: [email protected]
Usertags: piuparts

Hi,

during a test with piuparts I noticed that your package creates a world
writable directory:

    drwxrwxrwx 2 root root 60 Aug  1 07:46 /var/lib/extplorer/ftp_tmp

There, any local user may delete/replace arbitrary files that were not
created by the user himself.

If the write permissions cannot be restricted to a user or group, the
sticky bit should be set on the directory to prevent users from
manipulating files they don't own.


Andreas

--- End Message ---
--- Begin Message ---
Source: extplorer
Source-Version: 2.1.0b6+dfsg.3-4

We believe that the bug you reported is fixed in the latest version of
extplorer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <[email protected]> (supplier of updated extplorer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 20 Oct 2012 15:51:50 +0000
Source: extplorer
Binary: extplorer
Architecture: source all
Version: 2.1.0b6+dfsg.3-4
Distribution: unstable
Urgency: low
Maintainer: Thomas Goirand <[email protected]>
Changed-By: Thomas Goirand <[email protected]>
Description: 
 extplorer  - web file explorer and manager using Ext JS
Closes: 683649
Changes: 
 extplorer (2.1.0b6+dfsg.3-4) unstable; urgency=low
 .
   * Sets the sticky bit on /var/lib/extplorer/ftp_tmp (Closes: #683649).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCCyScACgkQl4M9yZjvmkllFgCg3U6JAK/Y/Wl1RRSxIxwf94i6
lDIAnj36CjNKow8rwuidiEA+3HGt5QuL
=UxhJ
-----END PGP SIGNATURE-----

--- End Message ---
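
The two remedies named in the report (restrict write access to a group, or set the sticky bit) can be checked and applied with a few lines of shell. This is an added example, not code from the extplorer package or its maintainer scripts; the function names, the 0770 group mode and the temporary tree it runs against are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the extplorer package): find and repair
# world-writable directories that lack the sticky bit.

# Print every directory under $1 that is world-writable (o+w) but has no
# sticky bit, i.e. any local user may delete or replace other users' files.
find_unsafe_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print
}

# Return 0 if the single directory $1 is in that state (no recursion).
is_unsafe_dir() {
    [ -n "$(find "$1" -prune -type d -perm -0002 ! -perm -1000 -print)" ]
}

# Repair $1. With a group name in $2, restrict writes to that group
# (mode 0770, an assumed choice). Without one, keep the directory
# world-writable but set the sticky bit (mode 1777), as the -4 upload did.
harden_dir() {
    if [ -n "${2:-}" ]; then
        chgrp "$2" "$1" && chmod 0770 "$1"
    else
        chmod 1777 "$1"
    fi
}

# Demo on a constructed tree that mirrors the path from the report.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/lib/extplorer/ftp_tmp" "$root/var/lib/extplorer/ok"
    chmod 0777 "$root/var/lib/extplorer/ftp_tmp"   # state reported in the bug
    chmod 0755 "$root/var/lib/extplorer/ok"        # control: not world-writable
    echo "unsafe before:"; find_unsafe_dirs "$root"
    harden_dir "$root/var/lib/extplorer/ftp_tmp"
    echo "unsafe after:";  find_unsafe_dirs "$root"
    ls -ld "$root/var/lib/extplorer/ftp_tmp"
    rm -rf "$root"
}

demo
```

Running find_unsafe_dirs against / (or /var) on an installed system gives the same audit piuparts performed for this one path.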
