Bug#780645: marked as done (shinken-mod-webui: files containing password or salt are word readable)

Fri, 27 Mar 2015 14:40:06 -0700 

Your message dated Fri, 27 Mar 2015 21:36:04 +0000
with message-id <e1ybbva-0006uv...@franck.debian.org>
and subject line Bug#780645: fixed in shinken-mod-webui 1.0-3
has caused the Debian Bug report #780645,
regarding shinken-mod-webui: files containing password or salt are word readable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780645
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: shinken-mod-webui
Version: 1.0-1
Severity: grave
Tags: security
Justification: user security hole

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The two files referenced in README containing users+passwords and salt
are world readable.

Any local user can apparently gain administrator access to shinken!


 - Jonas

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJVCAslAAoJECx8MUbBoAEhlxAP/2bvzmTfk9ZbXrlVO/9jLS98
FAQeiDK81tBmUz1ey4ZsheaSaBnysB31M8SFgNNfAa27mfQLZ2EtmPkbsaqiTcy2
SXy2k4LtTE7ccIJs5cPFdvVlwjAX/ZRVDBkaIMxt4qfpoD3BoK7kiANrO/qoVojx
l03M+gyMy1lJZJXCz5rcpRnUMA7tRHOg0FjkGdff3XlQpzm/RV3SM8BzdUFOBoW0
nCo7spLbT5A83kLajv+0DXJfuAibW9ViFmY64y2hd9xew3ZK3AE+utKu2p4pBW98
9Elqa2vQ9NZzXZ8SkAsp/eeVs6SaK2XzwMyQosuIvtlmQYdh9uOC/sgy1KztoZ3g
vez1NzRKSVdsx35O5L5hlZTAij6rs5wl41BOBlf5/27AoSWa9vqvT5ko+Vy4Unnv
GvRAVobHjTBPeaS6Y12Njzzltr45Xl5nslY7GuoBDi9Ck//2I8vN3KZmqI/M/huV
dKBoESDyRlxeannsV3YHxBDlXs9wBmtji/86acQ16gGUMj6cnRSfcmg1uCQKGLOc
iIZJUlD2txPrGCnZR/WUN35oTN5Hk51SLeL/5lsiuqU5kIjzt41ebJngyt5vOfYC
SSTut3aub74QJxWBPAtQvPAjXM7FHea4Fu1+CLasM8pGWG8Xyv+OYT32Ut9sPEjI
x7T1b6PDquLhukInM08s
=K7qm
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Source: shinken-mod-webui
Source-Version: 1.0-3

We believe that the bug you reported is fixed in the latest version of
shinken-mod-webui, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thibault Cohen <thibault.co...@savoirfairelinux.com> (supplier of updated 
shinken-mod-webui package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Mar 2015 10:19:04 -0400
Source: shinken-mod-webui
Binary: shinken-mod-webui
Architecture: source all
Version: 1.0-3
Distribution: unstable
Urgency: medium
Maintainer: Shinken Debian packages maintainers 
<pkg-shinken-ma...@lists.alioth.debian.org>
Changed-By: Thibault Cohen <thibault.co...@savoirfairelinux.com>
Description:
 shinken-mod-webui - Shinken webui module
Closes: 780645
Changes:
 shinken-mod-webui (1.0-3) unstable; urgency=medium
 .
   [ Thibault Cohen ]
   * Fix perms on webui.cfg. (Closes: #780645)
Checksums-Sha1:
 3ced1d90b4e575aa9a2a290d99bbb4cea9f26e80 2111 shinken-mod-webui_1.0-3.dsc
 baf61a89308aea93b28e841dc68dadd0c85f3ab2 398412 
shinken-mod-webui_1.0-3.debian.tar.xz
 450c8f6279809f395463bdf0a57cb527e7a97441 2599130 
shinken-mod-webui_1.0-3_all.deb
Checksums-Sha256:
 ffa4274040b805061948824ec9950da81af8407561c8867b415ac5fe23d73ef6 2111 
shinken-mod-webui_1.0-3.dsc
 50dfcc39a23853cce5e40feb8e24959c68247db9bb4eae58c76fee4d12c5ede0 398412 
shinken-mod-webui_1.0-3.debian.tar.xz
 4e9f537d0058df7ad8775efc6ca95f3bc5ff19f8c13404238856a607b56281f5 2599130 
shinken-mod-webui_1.0-3_all.deb
Files:
 55c42cc4f77aace4aeb6736e304b7d77 2111 net optional shinken-mod-webui_1.0-3.dsc
 9720a8a44bef8b5fe76a287311ccc154 398412 net optional 
shinken-mod-webui_1.0-3.debian.tar.xz
 ebb5955b12b92fa3b135cf18c2f11096 2599130 net optional 
shinken-mod-webui_1.0-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVFbwKAAoJEK4DmARmaB+l6okP/0Gp4Rg5pzc66c4qWsr3LX+v
/G2GLgjoLhx+Doeqk5vwjDof3zmetFeekcOzzJGegog4mxTiq6o/LcrZS+tooZ4P
Cr+YkYCpM1pr1gkd5IXldxgepiANRo6KENn7LACY1Z/KLfyOccASYviTflAjDJ1v
YGjYWVqpm0QOVPIjselNgEY+Bh8zLXSh1T5p0drjwuznL9IropRQKH0uXhO0OUxv
l/KJH6sJA/aOntxRSaLBvuPuU5jWi8xwdeGUPYR/R4FUKtQzPP8+3bxQVfKxI4em
JleAaUCD0DQD5/9fm/P0Z5Nk6gr15Ctqdf5jGHQ/lrCVlodbl09T5Vkw4UVeY05Z
nniIofAjdu4s806D7hBXaDUgS0xfy/9be472SldaI9jyiBmb9zEtQjWRzfpdlSby
P2bprFAEfA+9LB75/9CF87E7ItEmHQbyYY0P2wLnYw8msgyKWz+NFbOB3OljRcus
hQW26QvR9hb0HWGRkPWqNlR6xE/NQoJ7gArBhQNRgDaVtUxDBiGReRvRVexWZhkf
6FcA4GL101kFdM6Xq7zH+TmXprOhRLWjC3JkeZRMT13wLVw6kaULyM20wRc5kmdZ
/VvYAZ/DfR7l7nK9+7hTFFFFzV0ER9ydQwdC06hodfytE/XjaeTeqbiyuxB6J84T
xVr43aoANLHIy3t2Oo1I
=Jgd2
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to