Your message dated Fri, 11 Apr 2008 19:53:24 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#445582: fixed in ldapscripts 1.4-2etch1
has caused the Debian Bug report #445582,
regarding ldapscripts shows passwords in the clear on the command line
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

--
445582: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ldapscripts
Severity: serious
Version: 1.4-2
Tag: security

Unless you're running grsecurity or some other patched kernel, the
following cannot be good:

_changepassword () {
  if [ -z "$1" ] || [ -z "$2" ]
  then
    end_die "_changepassword : missing argument(s)"
  else
    if is_yes "$RECORDPASSWORDS"
    then
      echo "$2 : $1" >> "$PASSWORDFILE"
    fi
    $LDAPPASSWDBIN -w "$BINDPWD" -D "$BINDDN" -xH "ldap://$SERVER" -s "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
  fi
}

Don Armstrong

--
This message brought to you by weapons of mass destruction related
program activities, and the letter G.

http://www.donarmstrong.com              http://rzlab.ucr.edu
--- End Message ---
--- Begin Message ---
Source: ldapscripts
Source-Version: 1.4-2etch1

We believe that the bug you reported is fixed in the latest version of
ldapscripts, which is due to be installed in the Debian FTP archive:

ldapscripts_1.4-2etch1.diff.gz
  to pool/main/l/ldapscripts/ldapscripts_1.4-2etch1.diff.gz
ldapscripts_1.4-2etch1.dsc
  to pool/main/l/ldapscripts/ldapscripts_1.4-2etch1.dsc
ldapscripts_1.4-2etch1_all.deb
  to pool/main/l/ldapscripts/ldapscripts_1.4-2etch1_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated ldapscripts package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Sat, 15 Mar 2008 22:03:09 +0100
Source: ldapscripts
Binary: ldapscripts
Architecture: source all
Version: 1.4-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Pierre Habouzit <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
 ldapscripts - Add and remove user and groups (stored in a ldap directory)
Closes: 445582
Changes:
 ldapscripts (1.4-2etch1) stable-security; urgency=high
 .
   * Non-maintainer upload by the security team
   * Fix information disclosure (password used on command line)
     with upstream patch. Closes: #445582.
     CVE-2007-5373
Files:
 dabe3144f01910f1f055a2a6d9b63148 883 admin optional ldapscripts_1.4-2etch1.dsc
 4d4fd01f12940bf2272cf9b2a27e34c5 8429 admin optional ldapscripts_1.4-2etch1.diff.gz
 52a069bdb720fb9d9897f96dbc150c8a 28482 admin optional ldapscripts_1.4-2etch1_all.deb
--- End Message ---
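
Added example (not part of the bug report, and not the upstream patch, whose contents this page does not show): the reported _changepassword pattern next to one way to keep both secrets out of argv, using ldappasswd's -y (bind password file) and -T (new password file) options. Assumptions: fake_ldappasswd is a hypothetical stub that records the argument vector it receives, which is what ps and /proc/PID/cmdline show to other local users; the DNs and passwords are constructed sample values.

```shell
#!/bin/sh
# Stand-in for ldappasswd (hypothetical stub): records its argv, one per line.
ARGV_LOG=$(mktemp)
fake_ldappasswd() { printf '%s\n' "$@" > "$ARGV_LOG"; }

LDAPPASSWDBIN=fake_ldappasswd         # assumption: stub instead of the real binary
BINDDN="cn=admin,dc=example,dc=com"   # constructed sample values
BINDPWD="bind-secret"
SERVER="localhost"

# Pattern from the report: bind password (-w) and new password (-s) are arguments.
changepassword_argv() {
  $LDAPPASSWDBIN -w "$BINDPWD" -D "$BINDDN" -xH "ldap://$SERVER" -s "$1" "$2"
}

# Hardened form: secrets are written to temp files and passed by path.
changepassword_files() {
  # mktemp creates each file with mode 0600, readable by the owner only.
  bindfile=$(mktemp) && newfile=$(mktemp) || return 1
  # printf is a shell builtin, so the secret never enters another process's
  # argv; no trailing newline, because -y uses the complete file contents.
  printf '%s' "$BINDPWD" > "$bindfile"
  printf '%s' "$1" > "$newfile"
  $LDAPPASSWDBIN -y "$bindfile" -D "$BINDDN" -xH "ldap://$SERVER" -T "$newfile" "$2"
  rc=$?
  rm -f "$bindfile" "$newfile"
  return $rc
}

# Returns 0 when the given string appears in the recorded argv.
argv_contains() { grep -qF -- "$1" "$ARGV_LOG"; }

USERDN="uid=alice,ou=people,dc=example,dc=com"   # constructed
changepassword_argv "new-secret" "$USERDN"
argv_contains "new-secret" && echo "argv form: new password visible in argv"
changepassword_files "new-secret" "$USERDN"
argv_contains "new-secret" || echo "file form: no secret in argv"
```

The function in the report also appends "$2 : $1" to $PASSWORDFILE when RECORDPASSWORDS is enabled; that file holds cleartext passwords regardless of how ldappasswd is invoked, so its permissions need the same care.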

