Your message dated Sun, 31 Jul 2005 23:34:21 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Removed from Debian - unmaintained
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Jan 2000 00:30:26 +0000
Received: (qmail 12661 invoked from network); 18 Jan 2000 00:30:25 -0000
Received: from jensen-home.tsi-telsys.com (HELO tt) (205.230.130.162)
by master.debian.org with SMTP; 18 Jan 2000 00:30:25 -0000
Received: by cc38617-a.hwrd1.md.home.com
via sendmail from stdin
id <[EMAIL PROTECTED]> (Debian Smail3.2.0.102)
for [EMAIL PROTECTED]; Mon, 17 Jan 2000 19:29:08 -0500 (EST)
Message-Id: <[EMAIL PROTECTED]>
From: Jim Jensen <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: problem with setuid/setgid of /usr/cgi-bin/jitterbug
X-Reportbug-Version: 0.48
X-Mailer: reportbug 0.48
Date: Mon, 17 Jan 2000 19:29:08 -0500
Reply-to: [EMAIL PROTECTED]
Bcc:
Package: jitterbug
Version: 1.6.2-4
Severity: normal
In order to use the chroot feature of jitterbug it is necessary to set
the /usr/cgi-bin/jitterbug to -rws--x-- (according to the INSTALL
document). However, doing this causes accesses as guest to not
include the guestintro.html, header.html and footer.html because
jitterbug.display_file() does not display the file because geteuid()
returns 0. I believe the get[ug]id() calls in jitterbug.c lines 649,
652, 656 and 659 should be gete[ug]id() calls, and possibly the
corresponding set[gu]id() calls also the effective versions.
According to a comment in jitterbug's jitterbug database, this can
cause some security risk
(http://samba.anu.edu.au/cgi-bin/jitterbug/fixed?id=425;expression=seteuid;user=guest
see reply 1)
Thanks for your work.
-Jim Jensen [EMAIL PROTECTED]
-- System Information
Debian Release: potato
Architecture: i386
Kernel: Linux tt 2.3.36 #4 Wed Jan 5 19:38:08 EST 2000 i686
Versions of packages jitterbug depends on:
ii apache 1.3.9-10 Versatile, high-performance HTTP s
ii apache [httpd] 1.3.9-10 Versatile, high-performance HTTP s
ii libc6 2.1.2-11 GNU C Library: Shared libraries an
ii smail [mail-transport-agent] 3.2.0.102-2 Electronic mail transport system.
---------------------------------------
Received: (at 55507-done) by bugs.debian.org; 31 Jul 2005 22:34:29 +0000
>From [EMAIL PROTECTED] Sun Jul 31 15:34:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from sorrow.cyrius.com [65.19.161.204]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1DzMO4-0008VI-00; Sun, 31 Jul 2005 15:34:29 -0700
Received: by sorrow.cyrius.com (Postfix, from userid 10)
id C28D264D54; Sun, 31 Jul 2005 22:34:23 +0000 (UTC)
Received: by deprecation.cyrius.com (Postfix, from userid 1000)
id 766AA85A8; Sun, 31 Jul 2005 23:34:21 +0100 (BST)
Date: Sun, 31 Jul 2005 23:34:21 +0100
From: Martin Michlmayr <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Removed from Debian - unmaintained
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 126
This package has now been removed from Debian because nobody was
interested in maintaining it; see
http://lists.debian.org/debian-devel-announce/2005/06/msg00014.html
for more information.
--
Martin Michlmayr
http://www.cyrius.com/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
