Your message dated Tue, 15 Feb 2005 13:02:36 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#295407: fixed in reportbug 3.8
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Feb 2005 17:05:58 +0000
>From [EMAIL PROTECTED] Tue Feb 15 09:05:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from postman1.arcor-online.net (postman.arcor.de) [151.189.20.156]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D1698-0000YS-00; Tue, 15 Feb 2005 09:05:58 -0800
Received: from [127.0.0.1] (G18e2.g.pppool.de [80.185.24.226])
(authenticated bits=0)
by postman.arcor.de (8.13.0.PreAlpha4/8.13.0.PreAlpha4) with ESMTP id
j1FH5P5Y013619
(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO);
Tue, 15 Feb 2005 18:05:26 +0100 (MET)
Message-Id: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Rolf Leggewie <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: reportbug: config files are world readable
X-Mailer: reportbug 3.2
Date: Tue, 15 Feb 2005 11:53:16 +0100
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-4.8 required=4.0 tests=BAYES_00,BIZ_TLD,
DATE_IN_PAST_06_12,HAS_PACKAGE autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: reportbug
Version: 3.2
Severity: grave
Justification: user security hole
The conf files for reportbug are created world-readable. For users of
smart-hosts this represents a security hole since it exposes their
passwords on that host for any local user to pick up. Heck, reportbug
even included that information in this bug report before I deleted it.
-- Package-specific info:
** /home/leggewie/.reportbugrc:
reportbug_version "3.2"
mode standard
ui text
realname "Rolf Leggewie"
email "[EMAIL PROTECTED]"
smtphost "postman.arcor.de"
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-586tsc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages reportbug depends on:
ii python2.3 2.3.4-19 An interactive high-level object-o
-- no debconf information
---------------------------------------
Received: (at 295407-close) by bugs.debian.org; 15 Feb 2005 18:08:02 +0000
>From [EMAIL PROTECTED] Tue Feb 15 10:08:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D177C-0004ft-00; Tue, 15 Feb 2005 10:08:02 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1D171w-0002aU-00; Tue, 15 Feb 2005 13:02:36 -0500
From: Chris Lawrence <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#295407: fixed in reportbug 3.8
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 15 Feb 2005 13:02:36 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 2
Source: reportbug
Source-Version: 3.8
We believe that the bug you reported is fixed in the latest version of
reportbug, which is due to be installed in the Debian FTP archive:
reportbug_3.8.dsc
to pool/main/r/reportbug/reportbug_3.8.dsc
reportbug_3.8.tar.gz
to pool/main/r/reportbug/reportbug_3.8.tar.gz
reportbug_3.8_all.deb
to pool/main/r/reportbug/reportbug_3.8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Chris Lawrence <[EMAIL PROTECTED]> (supplier of updated reportbug package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 15 Feb 2005 11:50:53 -0600
Source: reportbug
Binary: reportbug
Architecture: source all
Version: 3.8
Distribution: unstable
Urgency: medium
Maintainer: Chris Lawrence <[EMAIL PROTECTED]>
Changed-By: Chris Lawrence <[EMAIL PROTECTED]>
Description:
reportbug - reports bugs in the Debian distribution
Closes: 293188 295407
Changes:
reportbug (3.8) unstable; urgency=medium
.
* Create .reportbugrc with mode 600. (Closes: #295407)
* Drop references to bug(1) from man page. (Closes: #293188)
* Don't send Bcc field in messages to any external programs.
Files:
dbea6643902266b455f77e1296674be1 520 utils standard reportbug_3.8.dsc
6f4eae34ceea8f7b8cdbf0286a46eaa4 128974 utils standard reportbug_3.8.tar.gz
157abbd5e1a74399183009937da6a14e 109090 utils standard reportbug_3.8_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCEjcQ2wQKE6PXubwRAjEIAJ4o2VHu6nm2+e/ETrbIQqoXcxs4hwCghqn6
IwvFLsM/ocEF86Q7jmqyXTc=
=GTVa
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
