Your message dated Tue, 29 Jan 2013 13:17:28 +0000
with message-id <e1u0b44-0001ug...@franck.debian.org>
and subject line Bug#699227: fixed in ldap-git-backup 1.0.4-1
has caused the Debian Bug report #699227,
regarding ldap-git-backup: Incorrect directory permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
699227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699227
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ldap-git-backup
Version: 1.0.3-2
Severity: critical
Tags: security fixed-upstream pending
Justification: root security hole
Citing from RT#4170 to have a public bug report to refer to:
Hans Spaans wrote:
> On a default system the directory /var/backups/ldap is created with
> permissions root:root 0755. This exposes all files in this directory
> to be readable by any process on the system and some of those files
> contain password hashes which are part of the LDAP-dump. Reducing
> the permission to root:root 0700 should resolve the issue.
Yves-Alexis Perez wrote:
> As ldap-git-backup is not in stable or testing, we won't issue a
> DSA.
>
> Please use CVE-2013-1425 for this issue (local information
> disclosure).
Upstream fixed the issue at
https://github.com/elmar/ldap-git-backup/commit/a90f3217fce87962db82d212f73af70693087124
Regards, Axel
--
,''`. | Axel Beckert <a...@debian.org>, http://people.debian.org/~abe/
: :' : | Debian Developer, ftp.ch.debian.org Admin
`. `' | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
`- | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5
--- End Message ---
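
The check and fix described in the report above, as an added example that is not part of the original messages or of ldap-git-backup itself: it flags a directory whose group or other permission bits are set and brings it to 0700. The function names are hypothetical, GNU stat (as on Debian) is assumed, and the demo runs on a constructed scratch directory rather than /var/backups/ldap.

```shell
#!/bin/sh
# Added example (not from ldap-git-backup). Hypothetical helper names.
# Assumes GNU coreutils stat, as shipped on Debian.

# Print the octal mode of a path, e.g. 755.
dir_mode() {
    stat -c '%a' -- "$1"
}

# Return 0 if group or other hold any permission bit on the directory.
# With 0755, "other" has r-x: any local user can list the directory and
# open the dump files in it, however the files themselves were created.
is_exposed() {
    mode=$(dir_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# Create the directory with mode 0700, or tighten it if it already exists.
# mkdir -m only applies to directories it creates, so a directory that
# already exists with 0755 needs the explicit chmod.
secure_backup_dir() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ -d "$dir" ]; then
        chmod 0700 -- "$dir"
    else
        # umask 077 keeps parent directories made by -p private as well.
        ( umask 077 && mkdir -p -m 0700 -- "$dir" )
    fi
}

# Constructed demo on a scratch directory (not the real backup path).
demo=$(mktemp -d)
mkdir -m 0755 "$demo/ldap"
is_exposed "$demo/ldap" && echo "before: mode $(dir_mode "$demo/ldap") is exposed"
secure_backup_dir "$demo/ldap"
is_exposed "$demo/ldap" || echo "after: mode $(dir_mode "$demo/ldap") is private"
rm -rf "$demo"
```
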
--- Begin Message ---
Source: ldap-git-backup
Source-Version: 1.0.4-1
We believe that the bug you reported is fixed in the latest version of
ldap-git-backup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 699...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Elmar S. Heeb <el...@heebs.ch> (supplier of updated ldap-git-backup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Jan 2013 19:05:13 +0000
Source: ldap-git-backup
Binary: ldap-git-backup
Architecture: source all
Version: 1.0.4-1
Distribution: unstable
Urgency: low
Maintainer: Elmar S. Heeb <el...@heebs.ch>
Changed-By: Elmar S. Heeb <el...@heebs.ch>
Description:
ldap-git-backup - Back up LDAP database in an Git repository
Closes: 699227
Changes:
ldap-git-backup (1.0.4-1) unstable; urgency=low
.
* create backup directory with default mode of 0700
fixes CVE-2013-1425 (local information disclosure)
Thanks to Hans Spaans <hans.spa...@nexit.nl>
(Closes: #699227)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlEHtAkACgkQwJ4diZWTDt7pqgCfaflZi/BglwguWIyOXzCQq512
mmwAn2gVwQHlIH08vfQkbmSI+Z4rPrbc
=vnAN
-----END PGP SIGNATURE-----
--- End Message ---