Debian Bug report logs -
#415855
bip: [security] IRC passwords in /etc/bip.conf world readable
Reported by: Frans Pop <elendil@planet.nl>
Date: Thu, 22 Mar 2007 16:36:42 UTC
Severity: important
Tags: security
Found in version bip/0.5.3-3
Fixed in version bip/0.5.3-4
Done: Arnaud Cornet <arnaud.cornet@gmail.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Arnaud Cornet <arnaud.cornet@gmail.com>:
Bug#415855; Package bip.
(full text, mbox, link).
Acknowledgement sent to Frans Pop <elendil@planet.nl>:
New Bug report received and forwarded. Copy sent to Arnaud Cornet <arnaud.cornet@gmail.com>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: bip
Version: 0.5.3-3
Severity: important
Tags: security
The /etc/bip.conf file can hold plain text IRC passwords needed to log
onto a server, but the default permissions make the file world readable.
Instead, the file should be owned by group bip and not be world readable:
-rw-r----- 1 root bip 4149 2007-03-22 15:21 bip.conf
Maybe the file should even be owned by user bip.
Cheers,
FJP
[Message part 2 (application/pgp-signature, inline)]
Reply sent to Arnaud Cornet <arnaud.cornet@gmail.com>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Frans Pop <elendil@planet.nl>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #10 received at 415855-close@bugs.debian.org (full text, mbox, reply):
Source: bip
Source-Version: 0.5.3-4
We believe that the bug you reported is fixed in the latest version of
bip, which is due to be installed in the Debian FTP archive:
bip_0.5.3-4.diff.gz
to pool/main/b/bip/bip_0.5.3-4.diff.gz
bip_0.5.3-4.dsc
to pool/main/b/bip/bip_0.5.3-4.dsc
bip_0.5.3-4_i386.deb
to pool/main/b/bip/bip_0.5.3-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 415855@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Arnaud Cornet <arnaud.cornet@gmail.com> (supplier of updated bip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 23 Mar 2007 00:53:01 +0100
Source: bip
Binary: bip
Architecture: source i386
Version: 0.5.3-4
Distribution: unstable
Urgency: high
Maintainer: Arnaud Cornet <arnaud.cornet@gmail.com>
Changed-By: Arnaud Cornet <arnaud.cornet@gmail.com>
Description:
bip - multiuser irc proxy with conversation replay and more
Closes: 415855
Changes:
bip (0.5.3-4) unstable; urgency=high
.
* Set proper permissions in postinst (Closes: #415855).
Files:
986bdbb3de54a3bb5917ba660dd39117 586 net optional bip_0.5.3-4.dsc
d335eeed663ee07e1f034cf40874d957 37554 net optional bip_0.5.3-4.diff.gz
384bcc9ec4d99da61a9c04a133f46155 66496 net optional bip_0.5.3-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGBCt3sczZcpAmcIYRAnFEAKCmvSOABuHjXIzgPbCHELyVv6i6DgCeOGwF
R6qAinYtKBGyF8ATwP42HX8=
=7PtD
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Jun 2007 23:36:48 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Fri Jan 5 08:52:57 2018;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.