Your message dated Sun, 6 Nov 2005 22:34:29 +0000
with message-id <[EMAIL PROTECTED]>
has caused the Debian Bug report #337830,
regarding Security problem in kphone
to be marked as having been forwarded to the upstream software
author(s) [email protected], [EMAIL PROTECTED]
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
---------------------------------------
Received: (at 337830-forwarded) by bugs.debian.org; 6 Nov 2005 22:34:48 +0000
>From [EMAIL PROTECTED] Sun Nov 06 14:34:48 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 88-109-1-15.dynamic.dsl.as9105.com (bristol.purcell.id.au)
[88.109.1.15] (Debian-exim)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EYt68-0005Wr-00; Sun, 06 Nov 2005 14:34:48 -0800
Received: from [192.168.3.149] (helo=dell.purcell.id.au)
by bristol.purcell.id.au with esmtp (Exim 4.52)
id 1EYt5y-0002aY-9m; Sun, 06 Nov 2005 22:34:42 +0000
Received: from mark by dell.purcell.id.au with local (Exim 4.54)
id 1EYt5q-00024t-Cs; Sun, 06 Nov 2005 22:34:30 +0000
Content-Length: 1015
From: Mark Purcell <[EMAIL PROTECTED]>
Organization: Debian GNU Linux
To: [email protected],
[EMAIL PROTECTED]
Date: Sun, 6 Nov 2005 22:34:29 +0000
User-Agent: KMail/1.8.2
Cc: [EMAIL PROTECTED],
Sven Dreyer <[EMAIL PROTECTED]>
Disposition-Notification-To: Mark Purcell <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: 192.168.3.149
X-SA-Exim-Rcpt-To: [email protected], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
Subject: Fwd: Bug#337830: Security problem in kphone
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on bristol.purcell.id.au)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER,
HAS_PACKAGE autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Hey kphone-devel,
Find enclosed a security bug report about kphone from a Debian user.
This and other kphone issues in Debian can be found at
http://bugs.debian.org/kphone.
Mark
---------- Forwarded Message ----------
Subject: Bug#337830: Security problem in kphone
Date: Sunday 06 November 2005 19:11
From: Sven Dreyer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Package: kphone
Version: 4.2-3
Severity: serious
I think I have found a security flaw in kphone:
it creates ~/.qt/kphonerc world-readable! This file contains the user's
SIP-password and so on, so I guess this is a bad thing, because the
~/.qt dir itself is by default also readable by everybody.
I removed the whole ~/.qt dir and restarted kphone: same behaviour.
Regards,
Sven
_______________________________________________
Pkg-voip-maintainers mailing list
[EMAIL PROTECTED]
http://lists.alioth.debian.org/mailman/listinfo/pkg-voip-maintainers
-------------------------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
