Your message dated Tue, 13 May 2014 21:19:20 +0000 with message-id <e1wkk6a-0000ns...@franck.debian.org> and subject line Bug#728871: fixed in fookebox 0.6.1-3 has caused the Debian Bug report #728871, regarding fookebox: bogus secret value in config to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 728871: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728871 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: fookebox Version: 0.6.1-2 Severity: grave Tags: security Justification: user security hole Default config installed as /etc/fookebox/config.ini contains this line: beaker.session.secret = somesecret According to [Pylons documentation] that secret "should be a secret, ideally randomly generated value on production environments." - Jonas [Pylons documentation]: http://docs.pylonsproject.org/projects/pylons-webframework/en/latest/sessions.html
--- End Message ---
--- Begin Message ---Source: fookebox Source-Version: 0.6.1-3 We believe that the bug you reported is fixed in the latest version of fookebox, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 728...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Stefan Ott <ste...@ott.net> (supplier of updated fookebox package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 01 May 2014 23:41:11 +0200 Source: fookebox Binary: fookebox Architecture: source all Version: 0.6.1-3 Distribution: unstable Urgency: low Maintainer: Stefan Ott <ste...@ott.net> Changed-By: Stefan Ott <ste...@ott.net> Description: fookebox - web-based jukebox frontend to mpd Closes: 728871 731641 Changes: fookebox (0.6.1-3) unstable; urgency=low . * debian/postinst: Generate a secure session secret closes: #728871 * debian/control - Recommend javascript-common closes: #731641 - Bump Standards-Version to 3.9.5 Checksums-Sha1: cf6b29e6b1d76985dc645c8ac8b98b4dc59fed2b 1984 fookebox_0.6.1-3.dsc 5f5d405440bc9a98afa05a3880ad25d55eb5fada 12056 fookebox_0.6.1-3.debian.tar.xz 2a1243c563bdd23593f11ac85d9b05921ebbc7bd 57478 fookebox_0.6.1-3_all.deb Checksums-Sha256: ab72490823bb089471fcdd3db319d3dbe212c1412a78e541ca362cd91c455523 1984 fookebox_0.6.1-3.dsc c9dc8794ee4195fd0e82bb059abb76266d8e9cba95ff0f710adfea07501cba1c 12056 fookebox_0.6.1-3.debian.tar.xz 524ee5a8dcb0983d560e044e0add7ed475d9eb91bff9c1c7d898a413120679bc 57478 fookebox_0.6.1-3_all.deb Files: feca31b35d0ad10992ec733684c46bd8 57478 web optional fookebox_0.6.1-3_all.deb 4bf4acd5a1f218e67b664475460d3eda 1984 web optional fookebox_0.6.1-3.dsc 2c2fb2d7acbf8a250bf2223579e27372 12056 web optional fookebox_0.6.1-3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJTcoryAAoJEK728aKnRXZFaokP+wVYUC69vWK1IS+nAY1ecrKq MiL3ERWV+4+LmAyBjzfA/RV2lNv90oINShs2Muij1nvsvxPmmUSox7kXP+f8F2fs nZN0WyCESLEV9B1a0hjA1MjJsAG5xHf10CwL4jLegkcNGAUKishfPQwuAlaaJSGN qsW/TyrTxIM4fQHSp+VX5nAntU0y+PJ4nO7uovOHJ+ZCYrkTf4dJK56vgRdzQx7W DLS1lMzNayP2vOJinKsBbYlan9lbU8tXQ6c3o+iSKdhugaDFZRGEEx1G2HeoWMXJ HOr64v4t3N9H52V614QErPqcJxW63tadFFbKI+KmnTk3yn17P+wcqkRqeWO+kPwp rnAK/TzEGetrufkhrKZy/nmWFNh7RPMtZcF6L3esUkJVzbpvEf1fdtygbknur6dA QdshEWGOF1i1MbUA1OyCPTcDSKP8HL+r7L0or3x8TfHYs32mw8ZmX2V9KiOwFDj1 WmiMuu8Rsv21DZzT0Va6G6x0GrlVVGRzrFj0/iiehj40rUTVdb4huuYJLJxN7hOp v9091C9e4gPtp2EJQmSpFkdPSs1gtZLIBoEo+BcNpYdgcvkodAYU1w3QfNxE4NhE Dk8zk1I9oHrDrY2ytqyHNrLH08tOGUwPWySvCr47gUSE8iaH0NaMYuG9RpiUksOe 8nIqSIey52vFYJjgcNWT =c6ao -----END PGP SIGNATURE-----
--- End Message ---
