Your message dated Thu, 20 Apr 2006 03:47:15 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#363580: fixed in wordpress 2.0.2-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: wordpress
Version: 2.0.2-1
Severity: serious
Tags: security
Just installed Wordpress and configured it with script from example
directory.
This script created database in mysql and config file for domain, where
account information for this database is stored. But it made this file's
permissions 644, wich allow any local (or remove in some bad cases)
users to get this account information and gain full access to wordpress
database.
Regards, Alexander.
-- System Information:
Debian Release: 3.1
APT prefers proposed-updates
APT policy: (670, 'proposed-updates'), (670, 'stable'), (620,
'testing-proposed-updates'), (620, 'testing'), (600, 'unstable'), (550,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-k7
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
Versions of packages wordpress depends on:
ii apache2-mpm-prefork [htt 2.0.54-5 traditional model for Apache2
ii libapache2-mod-php4 4:4.3.10-16 server-side, HTML-embedded scripti
ii mysql-client [virtual-my 4.0.24-10sarge1 mysql database client binaries
ii php4 4:4.3.10-16 server-side, HTML-embedded scripti
ii php4-mysql 4:4.3.10-16 MySQL module for php4
wordpress recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: wordpress
Source-Version: 2.0.2-2
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.0.2-2.diff.gz
to pool/main/w/wordpress/wordpress_2.0.2-2.diff.gz
wordpress_2.0.2-2.dsc
to pool/main/w/wordpress/wordpress_2.0.2-2.dsc
wordpress_2.0.2-2_all.deb
to pool/main/w/wordpress/wordpress_2.0.2-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kai Hendry <[EMAIL PROTECTED]> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 20 Apr 2006 10:12:56 +0900
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.2-2
Distribution: unstable
Urgency: high
Maintainer: Kai Hendry <[EMAIL PROTECTED]>
Changed-By: Kai Hendry <[EMAIL PROTECTED]>
Description:
wordpress - an award winning weblog manager
Closes: 362171 363580
Changes:
wordpress (2.0.2-2) unstable; urgency=high
.
* setup-mysql fails if the domain contains a port number (Closes:
#362171)
* Insecure file permissions in /etc/wordpress (Closes: #363580)
* Added a postinst to help users correct permissions
Files:
45e7f1b26814c94476d923c7dd9665a1 566 web optional wordpress_2.0.2-2.dsc
60d777804643fd55897deab1ccb2e2a5 7198 web optional wordpress_2.0.2-2.diff.gz
92c2c64dd4ce61c4b7d2da1345e3b946 502222 web optional wordpress_2.0.2-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFER2SxK/juK3+WFWQRApBpAJ0d1hIUx3IPJKdUOVtooDabdz+howCgjx7O
LvyaRyr//8Tppfm2nSarDR4=
=kXmO
-----END PGP SIGNATURE-----
--- End Message ---
