On Thu, May 07, 2009 at 04:03:05PM -0400, Michael S. Gilbert wrote:
> Package: prewikka
> Severity: important
> Tags: security
>
> Hi,
>
> Redhat recently issued security updates for prewikka [0] because the
> password file is world readable. The text of the issue is:
>
> | The permissions on the prewikka.conf file are world readable and contain the sql
> | database password used by prewikka. This update makes it readable just
> | by the apache group.
>
> Please determine whether debian is affected by this issue. If so,
> please coordinate with the security team (t...@security.debian.org) to
> prepare updates for the stable releases.

Hi,

While I appreciate the effort of checking security related things, I'll
just point out that the verification was fairly trivial:

$ grep -C1 chmod debian/prewikka.postinst
# make sure conf file has the correct permissions and owner/group
chmod 640 /etc/prewikka/prewikka.conf

$ grep -C2 prewikka.conf debian/changelog
prewikka (0.9.11.3-2) unstable; urgency=low

  * Make sure prewikka.conf is not world-readable

 -- Pierre Chifflier <chiffl...@inl.fr>  Fri, 08 Jun 2007 15:35:25 +0200

The problem was fixed in 0.9.11.3-2, and current Debian version (in both
stable, testing and unstable) is 0.9.14-2, so I'm closing the bug.

Cheers,
Pierre

>
> Thank you,
> Mike
>
> [0] http://lwn.net/Articles/330642
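
The thread verifies the fix by reading the packaging source; the same property can be checked on an installed file. The following is an added example, not part of the original messages or of the prewikka package: a POSIX shell function (the name conf_mode_ok is hypothetical) that fails when a config file grants any permission bit to "other", which is what the postinst's chmod 640 prevents. It does not check owner or group.

```shell
#!/bin/sh
# Added example: audit that a config file holding a database password
# grants nothing to "other" (the property `chmod 640` enforces).
# conf_mode_ok is a hypothetical helper name, not part of prewikka.

# Usage: conf_mode_ok FILE
# Returns 0 if FILE is a regular file with no other-read/write/execute bit,
#         1 if any "other" bit is set,
#         2 if FILE is missing or not a regular file.
conf_mode_ok() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING: $f" >&2
        return 2
    fi
    # -H follows a symlink given on the command line, so the target's mode
    # is tested rather than the link's own (always rwxrwxrwx on Linux).
    # Each "other" bit is tested separately to stay within POSIX find
    # (no GNU-only `-perm /007`).
    hit=$(find -H "$f" -prune \
            \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$hit" ]; then
        echo "WORLD-ACCESSIBLE: $(ls -l "$f")" >&2
        return 1
    fi
    return 0
}

# When paths are given as arguments, check each one and exit non-zero
# if any of them fails, for example:
#   sh check_conf.sh /etc/prewikka/prewikka.conf
rc=0
for p in "$@"; do
    conf_mode_ok "$p" || rc=1
done
[ "$#" -eq 0 ] || exit "$rc"
```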