On Friday 20 March 2015 02:36:36, Daniel Kahn Gillmor wrote:
make-ssl-cert appears to create the secret key material and then
chmod it to restrict permissions. This leaves a race condition
where a non-privileged user on the system can read the file before
the permissions change takes effect,
Your message dated Sun, 29 Mar 2015 21:23:37 +
with message-id e1yckgd-0004ik...@franck.debian.org
and subject line Bug#780828: fixed in ssl-cert 1.0.36
has caused the Debian Bug report #780828,
regarding ssl-cert: make-ssl-cert leaves window where new secret key may be
world-readable
to be
Accepted:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 29 Mar 2015 22:33:57 +0200
Source: ssl-cert
Binary: ssl-cert
Architecture: source all
Version: 1.0.36
Distribution: unstable
Urgency: medium
Maintainer: Debian Apache Maintainers debian-apache@lists.debian.org
3 matches
Mail list logo