Your message dated Sun, 22 Jan 2006 11:17:09 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#348306: fixed in knowledgetree 2.0.7-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Jan 2006 08:07:55 +0000
>From [EMAIL PROTECTED] Mon Jan 16 00:07:55 2006
Return-path: <[EMAIL PROTECTED]>
Received: from ebhs-129-33-164-202.tor.usf.ibm.com ([129.33.164.202]
helo=lucia.cellbucks.com)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EyPP9-0007OQ-Js
for [EMAIL PROTECTED]; Mon, 16 Jan 2006 00:07:55 -0800
Received: from [216.13.103.250] (helo=hera.office.cellbucks.com)
by lucia.cellbucks.com with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA:32)
(Exim 4.50)
id 1EyPOa-0001kF-Ae; Mon, 16 Jan 2006 03:07:20 -0500
Received: from dharris by hera.office.cellbucks.com with local (Exim 4.44)
id 1EyPOZ-0002pD-7t; Mon, 16 Jan 2006 03:07:19 -0500
Date: Mon, 16 Jan 2006 03:07:19 -0500
From: David B Harris <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: /etc/knowledgetree/environment.php (which contains passwords)
world-readable
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.7.1
X-Debbugs-Cc: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: knowledgetree
Version: 2.0.7-1
Severity: critical
Hey,
/etc/knowledgetree/environment.php is world-readable by default. It is
supposed to contain (amongst other things) the username and password for
the KnowledgeTree database.
Cc:'d to [EMAIL PROTECTED] just in case they care (the package is only
in Sid, but maybe some other "related" packages are worth auditing).
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.4-execshield-a8-linuxjail-1-2-oftc-1
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of packages knowledgetree depends on:
ii apache2-mpm-prefork [apache2] 2.0.55-2 traditional model for Apache2
ii libphp-phpmailer 1.73-1 full featured email transfer class
ii libphp-phpsniff 2.1.3-1 a HTTP_USER_AGENT Client Sniffer f
ii php4 4:4.4.0-4 server-side, HTML-embedded scripti
ii php4-mysql 4:4.4.0-4 MySQL module for php4
ii php4-pear 4:4.4.0-4 PHP Extension and Application Repo
ii php4-pear-log 1.6.0-1.1 Log module for PEAR
-- no debconf information
---------------------------------------
Received: (at 348306-close) by bugs.debian.org; 22 Jan 2006 19:21:13 +0000
>From [EMAIL PROTECTED] Sun Jan 22 11:21:13 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1F0ki5-0003Qn-PV; Sun, 22 Jan 2006 11:17:09 -0800
From: Jose Carlos Medeiros <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#348306: fixed in knowledgetree 2.0.7-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 22 Jan 2006 11:17:09 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: knowledgetree
Source-Version: 2.0.7-2
We believe that the bug you reported is fixed in the latest version of
knowledgetree, which is due to be installed in the Debian FTP archive:
knowledgetree_2.0.7-2.diff.gz
to pool/main/k/knowledgetree/knowledgetree_2.0.7-2.diff.gz
knowledgetree_2.0.7-2.dsc
to pool/main/k/knowledgetree/knowledgetree_2.0.7-2.dsc
knowledgetree_2.0.7-2_all.deb
to pool/main/k/knowledgetree/knowledgetree_2.0.7-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jose Carlos Medeiros <[EMAIL PROTECTED]> (supplier of updated knowledgetree
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 20 Jan 2006 11:02:18 -0200
Source: knowledgetree
Binary: knowledgetree
Architecture: source all
Version: 2.0.7-2
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Medeiros <[EMAIL PROTECTED]>
Changed-By: Jose Carlos Medeiros <[EMAIL PROTECTED]>
Description:
knowledgetree - web-based Knowledge Management
Closes: 348306
Changes:
knowledgetree (2.0.7-2) unstable; urgency=low
.
* Changed permissions of world-readable /etc/knowledgretree files.
(Closes: #348306)
* Improved call to dpkg-statoverride in debian/postinst.
* Updated to Standards-Version 3.6.2.
* Updated address of Free Software Foundation (FSF) in debian/copyright file.
Files:
5286f03391df19002173071307dca67e 702 web optional knowledgetree_2.0.7-2.dsc
c6d6f38fd8e305a7ac0760f0734277e4 5072 web optional
knowledgetree_2.0.7-2.diff.gz
c3ff74ad3d50ff3e9cd5ef9e128b7359 686950 web optional
knowledgetree_2.0.7-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFD09XyGKGxzw/lPdkRAib1AJ9sC0jvcS7wR3pVbkDSfTelZgVciACfei2Y
O8Kz+FGiYeQi0nGm4gKwSyc=
=XYhA
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
