Package: prewikka Version: 0.9.14-2 Severity: critical Justification: causes serious data loss
*** Please type your report below this line *** The permissions of the prewikka.conf file are world readable and contain the SQL-database password used by prewikka. This update makes it readable just by the apache group. References: https://dev.prelude-technologies.com/projects/prewikka/repository/revisions/17e38c310410be1b7811152172cda4438936063d https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00771.html https://bugs.gentoo.org/show_bug.cgi?id=270056 This has CVE-2010-2058 assigned. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/bash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
