On Mon, 30 Jul 2012, Yves-Alexis Perez wrote: > Source: icinga > Severity: grave > Tags: security > Justification: user security hole > > Hi, > > DB creation scripts shipped in icinga-idoutils are insecure (they grant > privileges for all users). See > https://bugzilla.novell.com/show_bug.cgi?id=767319 and: > > https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab > https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63 > > As far as I can tell the bug in stable is only in documentation, but in > Wheezy it affects the scripts too. Please backport the changes and only > upload a targeted fix. hmm? we use dbconfig-common. We don't use this script, we also don't install README.RHEL.idoutils anywhere. So this is docs only.
Alex -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
