Package: monit Version: 1:5.2.3-2 Severity: important Tags: security When reporting a bug for monit with reportbug, reportbug tries to include the config file /etc/monit/monitrc, but fails.
First, since /etc/monit/monitrc is expected to be protected against reading, reportbug should not try to include it. Moreover, under some conditions (e.g. reportbug is run as root, even though this is discouraged), the file would be included, which can be a security problem as the file can contain passwords. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/dash Versions of packages monit depends on: ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib ii libpam0g 1.1.2-2 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8o-5 SSL shared libraries ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip monit recommends no packages. monit suggests no packages. -- Configuration Files: /etc/monit/monitrc [Errno 13] Permission denied: u'/etc/monit/monitrc' -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
