Your message dated Tue, 01 Feb 2005 18:02:37 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#293133: fixed in squirrelmail 2:1.4.4-2 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Feb 2005 10:59:58 +0000
Message-ID: <[EMAIL PROTECTED]>
Date: Tue, 01 Feb 2005 11:59:55 +0100
From: Thomas Nagel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: configtest.php enabled by default

Package: squirrelmail
Version: 1.4.4-1
Severity: serious

Information leakage is enabled by default via the newly added /usr/share/squirrelmail/src/configtest.php script, which should be disabled (or as a minimum a Deny line should be added to the example apache.conf file).

---------------------------------------
Received: (at 293133-close) by bugs.debian.org; 1 Feb 2005 23:08:27 +0000
From: Thijs Kinkhorst <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#293133: fixed in squirrelmail 2:1.4.4-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 01 Feb 2005 18:02:37 -0500

Source: squirrelmail
Source-Version: 2:1.4.4-2

We believe that the bug you reported is fixed in the latest version of squirrelmail, which is due to be installed in the Debian FTP archive:

squirrelmail_1.4.4-2.diff.gz
  to pool/main/s/squirrelmail/squirrelmail_1.4.4-2.diff.gz
squirrelmail_1.4.4-2.dsc
  to pool/main/s/squirrelmail/squirrelmail_1.4.4-2.dsc
squirrelmail_1.4.4-2_all.deb
  to pool/main/s/squirrelmail/squirrelmail_1.4.4-2_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated squirrelmail package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 1 Feb 2005 14:26:41 +0100
Source: squirrelmail
Binary: squirrelmail
Architecture: source all
Version: 2:1.4.4-2
Distribution: unstable
Urgency: low
Maintainer: Jeroen van Wolffelaar <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
 squirrelmail - Webmail for nuts
Closes: 292490 293133
Changes:
 squirrelmail (2:1.4.4-2) unstable; urgency=low
 .
   * Fix configtest.php to accept a non-readable data_dir, which is the default Debian configuration
   * [JvW] Depend on squirrelmail-locales, to ease upgrades woody->sarge (Closes: #292490)
   * Extend README.locales with information about the squirrelmail-locales package and add hint that a restart of Apache might be needed
   * Limit access to configtest.php to just localhost, to prevent information leakage (Closes: #293133)
Files:
 85bf9288f9ed87da8bd296b556463914 742 web optional squirrelmail_1.4.4-2.dsc
 a95fd1d53b2e3553a1c6543060bdbdba 13963 web optional squirrelmail_1.4.4-2.diff.gz
 7b7b2018c7004e50baabbd35cbf07911 566656 web optional squirrelmail_1.4.4-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Signed by Jeroen van Wolffelaar <[EMAIL PROTECTED]>

iD8DBQFCAAZil2uISwgTVp8RAnd7AKCdkG+V+nSAgJhIOrgug9E7fMVxowCgm90E
bSqviTnC2Q3vj0l/NMaeN/4=
=8JSu
-----END PGP SIGNATURE-----
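
Added example (not part of the original messages and not the package's own configuration): a small audit that checks whether an Apache config restricts configtest.php to localhost, as the changelog entry for #293133 describes. Both config snippets are constructed samples, the `<Files>` form of the restriction is an assumption, and the check goes beyond the 2005-era syntax by also accepting Apache 2.4 `Require` rules.

```python
import re

# Constructed sample: an alias-only config, configtest.php reachable by anyone.
WEAK_CONF = """\
Alias /squirrelmail /usr/share/squirrelmail
<Directory /usr/share/squirrelmail>
  Options Indexes FollowSymLinks
</Directory>
"""

# Constructed sample: localhost-only restriction in the Apache 1.3/2.0-era
# syntax (assumed form of the "Deny line" the report asks for).
FIXED_CONF = WEAK_CONF + """\
<Files configtest.php>
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Files>
"""

LOCAL = {"127.0.0.1", "::1", "localhost", "127.0.0.0/8"}
BLOCK = re.compile(r"<(Files|FilesMatch|Location)\s+([^>]+)>(.*?)</\1>", re.I | re.S)

def _require_is_local(req):
    """Apache 2.4 'Require' argument that admits nobody or only loopback."""
    if req in ("local", "all denied"):
        return True
    kind, *hosts = req.split()
    return kind == "ip" and bool(hosts) and all(h in LOCAL for h in hosts)

def configtest_restricted(conf):
    """True if a block naming configtest.php admits only localhost (or no one)."""
    for _tag, target, body in BLOCK.findall(conf):
        if "configtest" not in target.lower():
            continue
        # Normalise: strip comments, lowercase, collapse whitespace.
        rules = [" ".join(l.split("#", 1)[0].lower().split()) for l in body.splitlines()]
        allows = [h for r in rules if r.startswith("allow from ") for h in r.split()[2:]]
        requires = [r[len("require "):] for r in rules if r.startswith("require ")]
        legacy_ok = "deny from all" in rules and all(h in LOCAL for h in allows)
        modern_ok = bool(requires) and all(_require_is_local(q) for q in requires)
        if legacy_ok or modern_ok:
            return True
    return False

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, "restricted" if configtest_restricted(conf) else "EXPOSED")
```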