Your message dated Sun, 29 Sep 2013 21:17:08 +0000
with message-id <e1vqomw-0003ai...@franck.debian.org>
and subject line Bug#724746: fixed in tntnet 2.1-2+deb7u1
has caused the Debian Bug report #724746,
regarding tntnet: Default configuration exports whole filesystem via HTTP
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
724746: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724746
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tntnet
Version: 2.1-2
Severity: grave
Dear Maintainer,
the default configuration of the tntnet package contains this line:

    MapUrl ^/(.*)$ static@tntnet /$1

This causes the whole filesystem to be exported via HTTP, thus allowing
all files readable by the user www-data on the whole system to be
downloaded via HTTP. For example a GET request to
http://hostname/etc/passwd will return the /etc/passwd file.

The line should be changed like this:

    MapUrl ^/(.*)$ static@tntnet /var/www/$1
-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (1051, 'stable'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.4.60 (SMP w/16 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
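A configuration audit for the mapping described in the report above, as an added example that is not part of the original bug report or of the tntnet package. It assumes the four-field `MapUrl` layout shown in the report and that `$1` is replaced by the first regex capture group; the function names and the probe path are illustrative.

```python
import posixpath
import re

# Constructed sample inputs: the line quoted in the report and the proposed fix.
VULNERABLE_CONF = "MapUrl ^/(.*)$ static@tntnet /$1\n"
FIXED_CONF = "MapUrl ^/(.*)$ static@tntnet /var/www/$1\n"


def parse_static_maps(conf_text):
    """Return (regex, path_template) for each MapUrl line handled by static@tntnet."""
    maps = []
    for line in conf_text.splitlines():
        fields = line.split()
        # Assumed layout: MapUrl <regex> <component> <path template>
        if len(fields) >= 4 and fields[0] == "MapUrl" and fields[2] == "static@tntnet":
            maps.append((fields[1], fields[3]))
    return maps


def mapped_path(regex, template, url_path):
    """Expand $N in the template with groups captured from url_path (None if no match)."""
    m = re.search(regex, url_path)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", template)


def audit(conf_text, probe="/etc/passwd"):
    """Report, per static mapping, the document root and where a probe URL would land."""
    findings = []
    for regex, template in parse_static_maps(conf_text):
        # The literal prefix before the first $N is the effective document root.
        # A template with no literal prefix is treated as "/" (conservative assumption).
        docroot = posixpath.normpath(template.split("$", 1)[0] or "/")
        findings.append({
            "regex": regex,
            "docroot": docroot,
            "probe_maps_to": mapped_path(regex, template, probe),
            "exports_root": docroot == "/",
        })
    return findings


if __name__ == "__main__":
    for name, conf in (("shipped default", VULNERABLE_CONF), ("proposed fix", FIXED_CONF)):
        for finding in audit(conf):
            print(name, finding)
```

Run against a real `tntnet.conf` by passing the file contents to `audit()`; any finding with `exports_root` set to true corresponds to the configuration described in this report.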
--- Begin Message ---
Source: tntnet
Source-Version: 2.1-2+deb7u1
We believe that the bug you reported is fixed in the latest version of
tntnet, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 724...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kari Pahula <k...@debian.org> (supplier of updated tntnet package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 29 Sep 2013 20:36:32 +0300
Source: tntnet
Binary: tntnet tntnet-doc tntnet-demos libtntnet10 libtntnet-dev tntnet-runtime
Architecture: source all amd64
Version: 2.1-2+deb7u1
Distribution: stable
Urgency: high
Maintainer: Kari Pahula <k...@debian.org>
Changed-By: Kari Pahula <k...@debian.org>
Description:
libtntnet-dev - Tntnet library development headers
libtntnet10 - Tntnet libraries
tntnet - modular, multithreaded web application server for C++
tntnet-demos - demo web applications for Tntnet
tntnet-doc - documentation for Tntnet
tntnet-runtime - Tntnet runtime system
Closes: 724746
Changes:
tntnet (2.1-2+deb7u1) stable; urgency=high
.
* Fix insecure default tntnet.conf. (Closes: #724746)
--- End Message ---