Report forwarded to debian-bugs-dist@lists.debian.org, Chris Lawrence <lawrencc@debian.org>: Bug#295407; Package reportbug.
Acknowledgement sent to Rolf Leggewie <debian-bugs@rolf.leggewie.biz>:
New Bug report received and forwarded. Copy sent to Chris Lawrence <lawrencc@debian.org>.
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: reportbug: config files are world readable
Date: Tue, 15 Feb 2005 11:53:16 +0100
Package: reportbug
Version: 3.2
Severity: grave
Justification: user security hole
The conf files for reportbug are created world-readable. For users of
smart-hosts this represents a security hole since it exposes their
passwords on that host for any local user to pick up. Heck, reportbug
even included that information in this bug report before I deleted it.
-- Package-specific info:
** /home/leggewie/.reportbugrc:
reportbug_version "3.2"
mode standard
ui text
realname "Rolf Leggewie"
email "debian-bugs@rolf.leggewie.biz"
smtphost "postman.arcor.de"
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-586tsc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages reportbug depends on:
ii python2.3 2.3.4-19 An interactive high-level object-o
-- no debconf information
Reply sent to Chris Lawrence <lawrencc@debian.org>:
You have taken responsibility.
Notification sent to Rolf Leggewie <debian-bugs@rolf.leggewie.biz>:
Bug acknowledged by developer.
Source: reportbug
Source-Version: 3.8
We believe that the bug you reported is fixed in the latest version of
reportbug, which is due to be installed in the Debian FTP archive:
reportbug_3.8.dsc
to pool/main/r/reportbug/reportbug_3.8.dsc
reportbug_3.8.tar.gz
to pool/main/r/reportbug/reportbug_3.8.tar.gz
reportbug_3.8_all.deb
to pool/main/r/reportbug/reportbug_3.8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 295407@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lawrence <lawrencc@debian.org> (supplier of updated reportbug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 15 Feb 2005 11:50:53 -0600
Source: reportbug
Binary: reportbug
Architecture: source all
Version: 3.8
Distribution: unstable
Urgency: medium
Maintainer: Chris Lawrence <lawrencc@debian.org>
Changed-By: Chris Lawrence <lawrencc@debian.org>
Description:
reportbug - reports bugs in the Debian distribution
Closes: 293188 295407
Changes:
reportbug (3.8) unstable; urgency=medium
.
* Create .reportbugrc with mode 600. (Closes: #295407)
* Drop references to bug(1) from man page. (Closes: #293188)
* Don't send Bcc field in messages to any external programs.
Files:
dbea6643902266b455f77e1296674be1 520 utils standard reportbug_3.8.dsc
6f4eae34ceea8f7b8cdbf0286a46eaa4 128974 utils standard reportbug_3.8.tar.gz
157abbd5e1a74399183009937da6a14e 109090 utils standard reportbug_3.8_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCEjcQ2wQKE6PXubwRAjEIAJ4o2VHu6nm2+e/ETrbIQqoXcxs4hwCghqn6
IwvFLsM/ocEF86Q7jmqyXTc=
=GTVa
-----END PGP SIGNATURE-----
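The fix named in the changelog above ("Create .reportbugrc with mode 600"), shown as an added example beside the world-readable pattern the report describes. This is not reportbug's own code or code from the original page; the function names, file names and sample contents (including the `smtppasswd` line) are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample contents; the password line is a placeholder.
SAMPLE = 'smtphost "mail.example.org"\nsmtppasswd "not-a-real-password"\n'

def write_config_default(path, text):
    """The 'before' pattern: plain open(), so the mode is 0666 & ~umask."""
    with open(path, "w") as fh:
        fh.write(text)

def write_config_private(path, text):
    """Create or rewrite the file so group/other never get access."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
    flags |= getattr(os, "O_NOFOLLOW", 0)  # refuse to write through a symlink
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        # The mode passed to os.open() is ignored when the file already
        # exists, so tighten an old world-readable file before writing.
        os.fchmod(fh.fileno(), 0o600)
        fh.write(text)

def exposed_bits(path):
    """Return the group/other permission bits on path (0 means private)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077

def demo():
    """Run both writers under a typical 022 umask and report exposure."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as tmp:
            weak = os.path.join(tmp, "weak.reportbugrc")
            strong = os.path.join(tmp, "strong.reportbugrc")
            write_config_default(weak, SAMPLE)
            result = {"default": exposed_bits(weak)}
            write_config_private(strong, SAMPLE)
            result["private"] = exposed_bits(strong)
            # Rewriting a file that already exists as 0644 must also fix it.
            write_config_private(weak, SAMPLE)
            result["rewritten"] = exposed_bits(weak)
            return result
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print({name: oct(bits) for name, bits in demo().items()})
```

Files written before such a fix keep their old mode until they are rewritten or changed by hand with chmod, which is why the example also covers the rewrite of an existing file.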