Your message dated Sun, 11 Feb 2007 22:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#410557: fixed in dokuwiki 0.0.20061106-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dokuwiki
Version: 0.0.20061106-1
Severity: critical
Dokuwiki 2006-11-06 from the official page [1] contains the
file "conf/.htaccess":
conf/.htaccess
-------------------------------------
## no access to the conf directory
order allow,deny
deny from all
---------------------------------------
This .htaccess denies web access to files in the "conf" directory (ACLs, users).
But the Debian package doesn't include it in /etc/dokuwiki, so any user can see the
ACLs and user list (name, mail, role, encrypted password) by accessing:
http://dokuwiki_base/conf
http://dokuwiki_base/conf/acl.auth.php
http://dokuwiki_base/conf/users.auth.php
I suggest including the .htaccess file in /etc/dokuwiki.
Note: The issue also exists in the experimental 0.0.20061106-2 version [2].
[1] Dokuwiki official download:
http://www.splitbrain.org/projects/dokuwiki
[2] Changelog in experimental 20061106-2 version:
http://packages.debian.org/changelogs/pool/main/d/dokuwiki/dokuwiki_0.0.20061106-2/changelog
[3] Related bug in Dokuwiki bug database:
http://bugs.splitbrain.org/?do=details&id=1076
--- End Message ---
--- Begin Message ---
Source: dokuwiki
Source-Version: 0.0.20061106-3
We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive:
dokuwiki_0.0.20061106-3.diff.gz
to pool/main/d/dokuwiki/dokuwiki_0.0.20061106-3.diff.gz
dokuwiki_0.0.20061106-3.dsc
to pool/main/d/dokuwiki/dokuwiki_0.0.20061106-3.dsc
dokuwiki_0.0.20061106-3_all.deb
to pool/main/d/dokuwiki/dokuwiki_0.0.20061106-3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mohammed Adnène Trojette <[EMAIL PROTECTED]> (supplier of updated dokuwiki
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 11 Feb 2007 21:53:00 +0100
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20061106-3
Distribution: unstable
Urgency: high
Maintainer: Mohammed Adnène Trojette <[EMAIL PROTECTED]>
Changed-By: Mohammed Adnène Trojette <[EMAIL PROTECTED]>
Description:
dokuwiki - a standards compliant simple to use wiki
Closes: 410557
Changes:
dokuwiki (0.0.20061106-3) unstable; urgency=high
.
* High urgency for RC bug fixing.
* Prepend dokuwiki's configuration directory to avoid disclosing
/etc/dokuwiki as suggested on
http://wiki.splitbrain.org/wiki:security#the_._conf_directory
(Closes: #410557)
* Just in case, also ship /etc/dokuwiki with .htaccess.
Files:
4c988f12a08f67bee474eb920e30787b 648 web optional dokuwiki_0.0.20061106-3.dsc
5908c64f63e897bbeaa7969e9735208f 26170 web optional dokuwiki_0.0.20061106-3.diff.gz
c864ba1254cad3a10cb7a703289d8cc7 1106250 web optional dokuwiki_0.0.20061106-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFz5gqOU3FkQ7XBOoRAvvKAKC2Fe7ry8uLT0ktVB/lV6/khlyTZQCfSMLL
xhc+FzdAfdAPbyp5PPNXW+o=
=4o/7
-----END PGP SIGNATURE-----
--- End Message ---
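An on-disk check for the condition described in the report and the changelog above, added here as an example and not part of the Debian package or DokuWiki: it reports a configuration directory that holds acl.auth.php or users.auth.php without a deny-all .htaccess. The function names are hypothetical, the sample directory is constructed, and accepting the Apache 2.4 "Require all denied" form is an addition beyond what the report shows.

```python
import re
import tempfile
from pathlib import Path

# Files the bug report names as exposed when the conf directory is web-readable.
SENSITIVE = ("acl.auth.php", "users.auth.php")
# Deny rules: the form in the upstream conf/.htaccess quoted in the report, and
# the Apache 2.4 equivalent (an assumption added here, not from the report).
DENY_RULES = (
    re.compile(r"^\s*deny\s+from\s+all\s*$", re.I),
    re.compile(r"^\s*require\s+all\s+denied\s*$", re.I),
)

def htaccess_denies_all(conf_dir):
    """True if conf_dir/.htaccess exists and has an uncommented deny-all rule."""
    path = Path(conf_dir) / ".htaccess"
    if not path.is_file():
        return False
    for line in path.read_text(errors="replace").splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out rule protects nothing
        if any(rule.match(line) for rule in DENY_RULES):
            return True
    return False

def audit_conf_dir(conf_dir="/etc/dokuwiki"):
    """Return a list of findings; an empty list means the directory is covered."""
    conf = Path(conf_dir)
    if htaccess_denies_all(conf):
        return []
    findings = [f"{conf}: no .htaccess with a deny-all rule"]
    findings += [f"{conf / name}: exposed if {conf} is served over HTTP"
                 for name in SENSITIVE if (conf / name).is_file()]
    return findings

def demo():
    """Constructed sample: conf dir without .htaccess, then with the upstream one."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp)
        for name in SENSITIVE:
            (conf / name).write_text("# constructed sample, no real data\n")
        before = audit_conf_dir(conf)
        (conf / ".htaccess").write_text(
            "## no access to the conf directory\norder allow,deny\ndeny from all\n")
        after = audit_conf_dir(conf)
    return before, after

if __name__ == "__main__":
    print(demo())
```

This inspects the file only; Apache honours .htaccess only where AllowOverride permits it, so also confirm on your own install that a request for conf/users.auth.php is refused.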