Your message dated Mon, 27 Aug 2007 21:47:17 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#436681: fixed in backuppc 3.0.0-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: backuppc
Version: 2.1.2-6
Severity: critical
Tags: security
The default password generated at installation time is publically
visible to any user with local access to the system on which backuppc is
installed as it is included in the debconf database [1] as a variable
for the backuppc/configuration-note template.
I've decided on severity critical for this issue as it potentially allows
random users to start backup jobs for other systems and possibly interfere
with backuped data.
I'd suggest clearing this variable immediately after displaying the note.
[1] /var/cache/debconf/config.dat
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages backuppc depends on:
ii adduser 3.102 Add and remove users and groups
ii apache2 2.2.3-4 Next generation, scalable, extenda
ii apache2-mpm-worker [apache 2.2.3-4 High speed threaded model for Apac
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii dpkg 1.13.25 package maintenance system for Deb
ii exim4 4.63-17 metapackage to ease exim MTA (v4)
ii exim4-daemon-light [mail-t 4.63-17 lightweight exim MTA (v4) daemon
ii libarchive-zip-perl 1.16-1 Module for manipulation of ZIP arc
ii libcompress-zlib-perl 1.42-2 Perl module for creation and manip
ii perl [libdigest-md5-perl] 5.8.8-7 Larry Wall's Practical Extraction
ii perl-suid 5.8.8-7 Runs setuid Perl scripts
ii samba-common 3.0.24-6etch4 Samba common files used by both th
ii smbclient 3.0.24-6etch4 a LanManager-like simple client fo
ii tar 1.16-2 GNU tar
ii wwwconfig-common 0.0.48 Debian web auto configuration
--- End Message ---
--- Begin Message ---
Source: backuppc
Source-Version: 3.0.0-4
We believe that the bug you reported is fixed in the latest version of
backuppc, which is due to be installed in the Debian FTP archive:
backuppc_3.0.0-4.diff.gz
to pool/main/b/backuppc/backuppc_3.0.0-4.diff.gz
backuppc_3.0.0-4.dsc
to pool/main/b/backuppc/backuppc_3.0.0-4.dsc
backuppc_3.0.0-4_all.deb
to pool/main/b/backuppc/backuppc_3.0.0-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ludovic Drolez <[EMAIL PROTECTED]> (supplier of updated backuppc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 27 Aug 2007 18:28:25 +0200
Source: backuppc
Binary: backuppc
Architecture: source all
Version: 3.0.0-4
Distribution: unstable
Urgency: high
Maintainer: Ludovic Drolez <[EMAIL PROTECTED]>
Changed-By: Ludovic Drolez <[EMAIL PROTECTED]>
Description:
backuppc - high-performance, enterprise-grade system for backing up PCs
Closes: 436681
Changes:
backuppc (3.0.0-4) unstable; urgency=high
.
* Clear the remaining password in config.dat. Closes: #436681
Files:
a805f25874a8f489db6204acd5570cd0 615 utils optional backuppc_3.0.0-4.dsc
50e8dc2d4fab31f37c8988d469d7b50a 19398 utils optional backuppc_3.0.0-4.diff.gz
02184d45d5a29a4164cd6b5b76ed0b3b 492072 utils optional backuppc_3.0.0-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG0zVAsRlQAP1GppgRAubIAJ9SOsa7GmuGSzPeTibDbtBtEm/wXwCffM8C
ZN+fxAuQKE4hSGrN4cRQ70c=
=zs3F
-----END PGP SIGNATURE-----
--- End Message ---
