Package: ssmtp Version: 2.64-1 Severity: critical Justification: causes serious data loss
The configuration file /etc/ssmtp/ssmtp.conf is not readable by everybody, but ssmtp itself is run without any special privileges: zsh% ls -l /etc/ssmtp/ssmtp.conf /usr/sbin/ssmtp -rw-r----- 1 root mail 607 Dec 9 12:49 /etc/ssmtp/ssmtp.conf -rwxr-xr-x 1 root root 36168 Nov 24 03:33 /usr/sbin/ssmtp* zsh% I've been running ssmtp for a long time just fine. I'm not sure if this problem is a result of a broken package upgrade script or something else. I failed to notice when it broke, but it was probably in November. I only noticed it today and it's the same on all my machines, whether sparc or intel and 32bit or 64bit. I set the severity to critical, since other packages such as cron and checksecurity depend on a working sendmail. I suppose this could even be classified as a security vulnerability. -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages ssmtp depends on: ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy ii libc6 2.10.2-5 Embedded GNU C Library: Shared lib ii libgnutls26 2.8.5-2 the GNU TLS library - runtime libr ssmtp recommends no packages. ssmtp suggests no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
