Package: mailman Version: 1:2.1.9-7 Severity: serious Tags: security By defaults mailman creates /var/log/mailman readable by everyone. But some private information (at least subscribers list) may go there. So it should be created with rwxrws--- permitions. It's not very critical, but I think should be fixed even in etch (may be not now, but with other issues if there will be any).
Regards. -- System Information: Debian Release: 4.0 APT prefers proposed-updates APT policy: (670, 'proposed-updates'), (670, 'stable'), (650, 'testing-proposed-updates'), (650, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-5-vserver-686 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages mailman depends on: ii adduser 3.102 Add and remove users and groups ii apache2-mpm-prefork [h 2.2.3-4+etch3 Traditional model for Apache HTTPD ii cron 3.0pl1-100 management of regular background p ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries ii logrotate 3.7.1-3 Log rotation utility ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip ii postfix [mail-transpor 2.3.8-2+b1 A high-performance mail transport ii pwgen 2.05-1 Automatic Password generation ii python 2.4.4-2 An interactive high-level object-o ii python-support 0.5.6 automated rebuilding support for p ii ucf 2.0020 Update Configuration File: preserv mailman recommends no packages. -- debconf information: mailman/update_passwords: * mailman/site_languages: en, ru * mailman/used_languages: en ru * mailman/create_site_list: * mailman/queue_files_present: * mailman/default_server_language: ru * mailman/gate_news: false mailman/update_aliases: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
