Thanks Dan, it looks like this was introduced with a switch from cdbs to dh packaging formats in Debian version 2.0.6-1 and fixed in Debian version 2.0.7-2. This patch appears to be sufficient to fix the issue:
https://bugs.debian.org/cgi- bin/bugreport.cgi?att=1;bug=834578;filename=ldapscripts.diff.txt;msg=10 Because this package is in Universe is it community-supported; could you try to prepare a debdiff to fix this issue? When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1662164 Title: ldapscripts.passwd uses insecure permissions by default To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ldapscripts/+bug/1662164/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
