Your message dated Tue, 14 Jun 2005 22:17:18 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#312821: fixed in webcalendar 0.9.45-5 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Jun 2005 10:03:17 +0000
Subject: Configuration is world-readable
From: Jerome Warnier <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Organization: BeezNest
Date: Fri, 10 Jun 2005 11:54:35 +0200

Package: webcalendar
Version: 0.9.45-4
Severity: critical

[EMAIL PROTECTED]:/etc/webcalendar$ ls -l /etc/webcalendar/
total 88
-rw-r--r-- 1 root     root       487 May 18 18:39 apache.conf
-rw-r--r-- 1 root     root       461 Nov 11  2004 print_styles.css
-rw-r--r-- 1 www-data www-data   378 Apr 25 11:52 settings.php
-rw-r--r-- 1 root     root       369 Apr 20 11:06 settings.php.old
-rw-r--r-- 1 root     root       774 Dec 28 23:22 settings.php.tpl
-rw-r--r-- 1 root     root      6701 Nov 16  2004 site_extras.php
-rw-r--r-- 1 root     root     21879 Dec  7  2004 styles.php
-rw-r--r-- 1 root     root     12133 Dec 14 01:09 user-ldap.php
-rw-r--r-- 1 root     root     11417 Nov 16  2004 user-nis.php
-rw-r--r-- 1 root     root     11647 Nov 25  2004 user.php

All configuration files are world-readable.
As settings.php includes a clear-text password and login to the database, this is highly unsecure, hence the severity critical.

Wish I had seen this before Sarge's release.

Thanks
--
Jerome Warnier <[EMAIL PROTECTED]>
BeezNest

---------------------------------------
Received: (at 312821-close) by bugs.debian.org; 15 Jun 2005 02:21:35 +0000
From: Tim Peeler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#312821: fixed in webcalendar 0.9.45-5
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 14 Jun 2005 22:17:18 -0400

Source: webcalendar
Source-Version: 0.9.45-5

We believe that the bug you reported is fixed in the latest version of webcalendar, which is due to be installed in the Debian FTP archive:

webcalendar_0.9.45-5.diff.gz
  to pool/main/w/webcalendar/webcalendar_0.9.45-5.diff.gz
webcalendar_0.9.45-5.dsc
  to pool/main/w/webcalendar/webcalendar_0.9.45-5.dsc
webcalendar_0.9.45-5_all.deb
  to pool/main/w/webcalendar/webcalendar_0.9.45-5_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tim Peeler <[EMAIL PROTECTED]> (supplier of updated webcalendar package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 13 Jun 2005 17:55:32 -0500
Source: webcalendar
Binary: webcalendar
Architecture: source all
Version: 0.9.45-5
Distribution: unstable
Urgency: low
Maintainer: Tim Peeler <[EMAIL PROTECTED]>
Changed-By: Tim Peeler <[EMAIL PROTECTED]>
Description:
 webcalendar - PHP-Based multi-user calendar
Closes: 308500 308501 312821
Changes:
 webcalendar (0.9.45-5) unstable; urgency=low
 .
   * Fixed a bug in the postinst that doesn't set permissions of settings.php correctly on upgrade (closes: #312821)
   * Fixed a bug in user-ldap.php which used the wrong arguments to ldap_error() (closes: #308500)
   * Fixed a bug in user-ldap.php which prevented connecting to the openldap because openldap no longer allows LDAPv2 by default (closes: #308501)
Files:
 4ba200c9d0ccad342521f2ee9a1628c3 595 web optional webcalendar_0.9.45-5.dsc
 df063c32ea5ef6a5d3b0d0725e073e1a 9546 web optional webcalendar_0.9.45-5.diff.gz
 fbee84ad4392c2d4722a84e793b3e2bb 628292 web optional webcalendar_0.9.45-5_all.deb
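
The world-readable settings.php from the report and the postinst permission fix named in the changelog, shown as an added example that is not part of the original messages or of the webcalendar package. The function names, the 0640 mode and the root:GROUP ownership are assumptions chosen for illustration; the page does not say which mode the 0.9.45-5 postinst sets.

```shell
#!/bin/sh
# Added example: audit and harden a config directory such as /etc/webcalendar.
# Mode 0640 and root:GROUP ownership are assumptions, not the package's values.

# Print every regular file under DIR that "other" users can read.
world_readable_files() {
    find "$1" -type f -perm -o=r -print
}

# Restrict FILE to owner read/write and group read. When GROUP is given and
# we run as root, hand the file to root:GROUP so the web server can read it
# without owning (and being able to rewrite) its own credentials file.
harden_secret_file() {
    file=$1
    group=${2:-}
    [ -f "$file" ] || return 1
    if [ -n "$group" ] && [ "$(id -u)" -eq 0 ]; then
        chown "root:$group" "$file" || return 1
    fi
    chmod 0640 "$file"
}

# Maintainer-script style entry point (hypothetical name). dpkg invokes
# postinst with "configure" on fresh installs and on upgrades alike, so
# applying the mode unconditionally here covers the upgrade path too.
postinst_step() {
    action=$1
    conf=$2
    group=${3:-}
    case "$action" in
        configure) harden_secret_file "$conf" "$group" ;;
        *) return 0 ;;
    esac
}
```

Running `world_readable_files /etc/webcalendar` before and after an upgrade shows whether a file holding database credentials is still readable by every local account.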