Your message dated Tue, 09 Feb 2010 07:02:08 +0000
with message-id <e1nek6q-0006yf...@ries.debian.org>
and subject line Bug#567906: fixed in ssmtp 2.64-3
has caused the Debian Bug report #567906,
regarding ssmtp.conf file permissions are wrong
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
567906: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567906
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ssmtp
Version: 2.64-1
Severity: critical
Justification: causes serious data loss
The configuration file /etc/ssmtp/ssmtp.conf is not readable
by everybody, but ssmtp itself is run without any special privileges:
zsh% ls -l /etc/ssmtp/ssmtp.conf /usr/sbin/ssmtp
-rw-r----- 1 root mail 607 Dec 9 12:49 /etc/ssmtp/ssmtp.conf
-rwxr-xr-x 1 root root 36168 Nov 24 03:33 /usr/sbin/ssmtp*
zsh%
I've been running ssmtp for a long time just fine. I'm not
sure if this problem is a result of a broken package upgrade
script or something else. I failed to notice when it broke,
but it was probably in November. I only noticed it today and
it's the same on all my machines, whether sparc or intel and
32bit or 64bit.
I set the severity to critical, since other packages such as
cron and checksecurity depend on a working sendmail. I suppose
this could even be classified as a security vulnerability.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages ssmtp depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii libc6 2.10.2-5 Embedded GNU C Library: Shared lib
ii libgnutls26 2.8.5-2 the GNU TLS library - runtime libr
ssmtp recommends no packages.
ssmtp suggests no packages.
-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: ssmtp
Source-Version: 2.64-3
We believe that the bug you reported is fixed in the latest version of
ssmtp, which is due to be installed in the Debian FTP archive:
ssmtp_2.64-3.debian.tar.bz2
to main/s/ssmtp/ssmtp_2.64-3.debian.tar.bz2
ssmtp_2.64-3.dsc
to main/s/ssmtp/ssmtp_2.64-3.dsc
ssmtp_2.64-3_amd64.deb
to main/s/ssmtp/ssmtp_2.64-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 567...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <ani...@debian.org> (supplier of updated ssmtp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 09 Feb 2010 17:34:17 +1100
Source: ssmtp
Binary: ssmtp
Architecture: source amd64
Version: 2.64-3
Distribution: unstable
Urgency: low
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Changed-By: Anibal Monsalve Salazar <ani...@debian.org>
Description:
ssmtp - extremely simple MTA to get mail off the system to a mail hub
Closes: 567906
Changes:
ssmtp (2.64-3) unstable; urgency=low
.
* Change ssmtp permissions
Patch by Jörg Sommer
Closes: 567906
Checksums-Sha1:
b50ca6f50f60451d6b6903f6c86c8b581e75b90e 1825 ssmtp_2.64-3.dsc
6b30ff18aef8d7b1793d8e1380158a71dc12e633 33222 ssmtp_2.64-3.debian.tar.bz2
42a7fdb760239b985071bd8332bd85da1f0ee11f 53888 ssmtp_2.64-3_amd64.deb
Checksums-Sha256:
0f97235b3c3980afebba4e04af4b9645233a1f20ac0799f5ed8971c13d22781b 1825
ssmtp_2.64-3.dsc
36f8eaa4b90d09f3a4c1e29e7df0ddf3c9886b51eb38de6a5ea1c060d7722e0f 33222
ssmtp_2.64-3.debian.tar.bz2
1520f33cd5ff7d889c6ba517afd079e7ec0226e427f26347aae780787e63632f 53888
ssmtp_2.64-3_amd64.deb
Files:
3ee934e3fc9c9cb9104b1553283337d9 1825 mail extra ssmtp_2.64-3.dsc
2e0581cf430bc148b63056b8c82288b9 33222 mail extra ssmtp_2.64-3.debian.tar.bz2
3fdd83483cf1ab587e4d0a322dfb80e4 53888 mail extra ssmtp_2.64-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJLcQbTAAoJEHxWrP6UeJfYKl8QAJ1Cx5TwydN/zMXMkI4KiwCI
0bY2zjoOUIBjrXzOokbPRye/dQouemyZ069SrER84VyAfPZHOXN+xmnRRiaP0tfM
K6lGDHIwDfARFKYGaLoONovCtM4buJNNWMC8at0Rl/FGjiWmPUhLeF/fahG8iJqU
f6z0/biVhTnD1UPww/KG3qRDUJUuAX9aN9TdhfHZQGTGtmWMY/AbWvwn8NOUY8FM
LduD/piJVhGnifEI/JJK6UkfXUjAZYb9BIT0lcIecF2pAFRl9DZCHvuhzz7MclI/
OHebZvDrBC6Ks8DLfsZnTWAo30HfCCvmE6r6z9CBq9mz0CbYEu5f4gRpaRnVVTBH
sQzOQ97dVa2baaZgKMEv3S+rut9DRjiBhzFc2f1N3sQc5ljdad6iRFD0LBb0nRV7
K604QNRN68dMhhIPIhkt0qIISJOLiXrgEB6lT4PttAxsS8ElVd3ZIEZ9VOXnrE/i
ATTOF1Zqc1IqbuSw2GNYuF9IOXwE4YKyGUU/ttEL17v8VKmilZ8V62sDQzXKfCMX
ldhykjEDFQ5qieGW+xg+Ry43WYuEZUxvQJ0lYn4THPzqqyeaQhOXmT/vOAtMlDzA
ybTOspjmxHhK0Hs77Q1MOS9zY0TMd//p/5I0ZqyS6kcZ4sCw+vIL3tlpiCdZoRD+
Yzgi/dMsJq+T0PiQ/M0l
=JiQv
-----END PGP SIGNATURE-----
--- End Message ---
