Bug#572032: marked as done (world readable file ~/.josm/preferences contains password in plaintext)

Mon, 01 Mar 2010 15:53:16 -0800 

Your message dated Mon, 01 Mar 2010 23:47:12 +0000
with message-id <e1nmfks-0003tk...@ries.debian.org>
and subject line Bug#572032: fixed in josm 0.0.svn2561-2
has caused the Debian Bug report #572032,
regarding world readable file ~/.josm/preferences contains password in plaintext
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
572032: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572032
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: josm
Version: 0.0.svn2255-1
Justification: Policy 10.9
Severity: serious

*** Please type your report below this line ***
ls -al ~/.josm/preferences
returns -rw-r--r--

The problem with the plaintext password is nothing new.
But it is dangerous and could be avoided.
Josm should at least chmod 700 this file.


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages josm depends on:
ii  libgettext-commons-java 0.9.6-1          Java classes for
internationalizat
ii  libmetadata-extractor-j 2.3.1+dfsg-1     JPEG metadata extraction
framework
ii  openjdk-6-jre           6b17-1.7-1       OpenJDK Java runtime, using
Hotspo
ii  openstreetmap-map-icons 1:0.0.svn18468-1 Collection of map icons
(classic s
ii  sun-java6-jre           6-16-1           Sun Java(TM) Runtime
Environment (

Versions of packages josm recommends:
pn  josm-plugins                  <none>     (no description available)

josm suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: josm
Source-Version: 0.0.svn2561-2

We believe that the bug you reported is fixed in the latest version of
josm, which is due to be installed in the Debian FTP archive:

josm_0.0.svn2561-2.diff.gz
  to main/j/josm/josm_0.0.svn2561-2.diff.gz
josm_0.0.svn2561-2.dsc
  to main/j/josm/josm_0.0.svn2561-2.dsc
josm_0.0.svn2561-2_all.deb
  to main/j/josm/josm_0.0.svn2561-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 572...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <da...@debian.org> (supplier of updated josm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 02 Mar 2010 00:21:06 +0100
Source: josm
Binary: josm
Architecture: source all
Version: 0.0.svn2561-2
Distribution: unstable
Urgency: low
Maintainer: Debian GIS Project <pkg-grass-de...@lists.alioth.debian.org>
Changed-By: David Paleino <da...@debian.org>
Description: 
 josm       - Editor for OpenStreetMap
Closes: 572032
Changes: 
 josm (0.0.svn2561-2) unstable; urgency=low
 .
   * debian/watch fixed: implemented a redirector for uscan on Alioth.
   * debian/control:
     - add pkg-osm to uploaders
   * debian/patches/:
     - 50_preferences_world_readable.dpatch added, chmod the file to
       600 since it contains plaintext password for OSM (Closes: #572032)
Checksums-Sha1: 
 f0661e4ae66d2482b4430ccd4d6da3ed076c2d6a 1506 josm_0.0.svn2561-2.dsc
 39885ab8f75f47472e1f77e646281795cd0cf342 18928 josm_0.0.svn2561-2.diff.gz
 3e3940f5a352aba4c9c910df90e3ae351d54b1ad 5815176 josm_0.0.svn2561-2_all.deb
Checksums-Sha256: 
 b53cebd2f55944a5bf2dd81ae9f5c1a0e71fc3f9706f9c45b2965149b93947d9 1506 
josm_0.0.svn2561-2.dsc
 a5b29f388c4bdebf88af457fe824d7e015e0626f3d1164c8d783327083327e4c 18928 
josm_0.0.svn2561-2.diff.gz
 c7d3b2d4e4e89e32d8b66975336a9e5500960bad8e0f5540f2f98919dfc2a109 5815176 
josm_0.0.svn2561-2_all.deb
Files: 
 464f63b368ee283ae5553cc961c220cd 1506 utils extra josm_0.0.svn2561-2.dsc
 90d41afff8add9e1cbfd7975f886c41d 18928 utils extra josm_0.0.svn2561-2.diff.gz
 e4b7c6fef51a878471f16af75bbfde3c 5815176 utils extra josm_0.0.svn2561-2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkuMTSAACgkQ5qqQFxOSsXTgoACbBBNQ4fvwTC2uYEvD3QprAa+a
KA0AoIJxGdz0KlwRt0mRjFf73VEfDwjX
=ONzN
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to