Your message dated Sun, 30 Apr 2006 06:47:23 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#362627: fixed in freepops 0.0.98-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: freepops
Version: 0.0.98-2
Severity: grave
Tags: security
Justification: user security hole

Hi, I have been using freepops for a while for accessing some of my
accounts and I just discovered that the hotmail plugin seems to have a
*very* nasty side-effect: it creates a world-readable file named
log_raw.txt right under the root directory and it contains sensitive
information (the whole transaction/contents of the emails):

Here is an excerpt from such a file that does *not* contain sensitive
information:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Fri Apr 14 09:02:50 2006 : Session removed (STAT Failure) - Account: [EMAIL PROTECTED]
Fri Apr 14 09:05:32 2006 : Entering login
Fri Apr 14 09:05:43 2006 : Successful login
Fri Apr 14 11:14:41 2006 : Entering login
Fri Apr 14 11:14:52 2006 : Successful login
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Given the problem of such a breach, I'd think that the current
recommendation would be to disable the module. Other modules may be
affected by the same problem (I don't know, as I don't use many of
them).

Please, let me know if more information is needed.


Thanks, Rogério Brito.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16.5-1
Locale: LANG=C, LC_CTYPE=pt_BR (charmap=ISO-8859-1)

Versions of packages freepops depends on:
ii  debconf [debconf-2.0]         1.4.72     Debian configuration management sy
ii  libc6                         2.3.6-3    GNU C Library: Shared libraries an
ii  libcurl3-gnutls               7.15.3-1   Multi-protocol file transfer libra
ii  libexpat1                     1.95.8-3   XML parsing C library - runtime li
ii  libgcrypt11                   1.2.2-1    LGPL Crypto library - runtime libr
ii  lsb-base                      3.0-16     Linux Standard Base 3.0 init scrip

freepops recommends no packages.

-- debconf information:
* freepops/jail: false
* freepops/init: true

-- 
Rogério Brito : [EMAIL PROTECTED] : http://www.ime.usp.br/~rbrito
Homepage of the algorithms package : http://algorithms.berlios.de
Homepage on freshmeat:  http://freshmeat.net/projects/algorithms/


--- End Message ---
--- Begin Message ---
Source: freepops
Source-Version: 0.0.98-3

We believe that the bug you reported is fixed in the latest version of
freepops, which is due to be installed in the Debian FTP archive:

freepops-doc_0.0.98-3_all.deb
  to pool/main/f/freepops/freepops-doc_0.0.98-3_all.deb
freepops_0.0.98-3.diff.gz
  to pool/main/f/freepops/freepops_0.0.98-3.diff.gz
freepops_0.0.98-3.dsc
  to pool/main/f/freepops/freepops_0.0.98-3.dsc
freepops_0.0.98-3_amd64.deb
  to pool/main/f/freepops/freepops_0.0.98-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Enrico Tassi <[EMAIL PROTECTED]> (supplier of updated freepops package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Apr 2006 15:31:52 +0200
Source: freepops
Binary: freepops-doc freepops
Architecture: source amd64 all
Version: 0.0.98-3
Distribution: unstable
Urgency: low
Maintainer: Enrico Tassi <[EMAIL PROTECTED]>
Changed-By: Enrico Tassi <[EMAIL PROTECTED]>
Description: 
 freepops   - POP3 interface to several webmails
 freepops-doc - freepops user/developer manual
Closes: 362627
Changes: 
 freepops (0.0.98-3) unstable; urgency=low
 .
   * ENABLE_LOGRAW set to false. It is a debugging option left active by
     mistake. (Closes: #362627)
Files: 
 3af0244dd94959e4408d72da5b9cfbad 711 mail optional freepops_0.0.98-3.dsc
 dbfed1b746fb03006867251ff1383a5b 10003 mail optional freepops_0.0.98-3.diff.gz
 06beac09a64913cb64b79bc50bf7d210 724144 doc optional freepops-doc_0.0.98-3_all.deb
 d31b0f172cb87a8771d35be7a21b657d 324258 mail optional freepops_0.0.98-3_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEVL2y7kkcPgEj8vIRApR8AJ9D+KcPg7kE86xBAVP9VH8SYcqLpwCbBqbb
EI8ZvL2/9TTXHIlLEpjqOiM=
=5VYy
-----END PGP SIGNATURE-----


--- End Message ---
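
A check for the exposure reported in this thread, added here as an example and not part of the original messages or of the freepops package: it tests whether log_raw.txt exists in a directory (the root directory by default, as in the report) and whether users other than the owner can read it. The function names and the LOGRAW_DIR variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit for the raw log described in Bug#362627.
# The file name log_raw.txt and its location (the root directory) come from
# the report; function names and LOGRAW_DIR are assumptions of this sketch.

# lograw_status DIR
#   Prints one of: absent | private | world-readable
lograw_status() {
    f="$1/log_raw.txt"
    if [ ! -e "$f" ]; then
        echo absent
    # -perm -004 matches when the "other" read bit is set;
    # -prune keeps find from descending if the path is a directory.
    elif [ -n "$(find "$f" -prune -perm -004 2>/dev/null)" ]; then
        echo world-readable
    else
        echo private
    fi
}

# lograw_contain DIR
#   Removes group/other access from an exposed log so its contents
#   (mail transactions, per the report) stop being readable by every
#   local user. Does nothing if the file is absent or already private.
lograw_contain() {
    f="$1/log_raw.txt"
    [ "$(lograw_status "$1")" = world-readable ] || return 0
    chmod go-rwx "$f"
}

# Read-only report for the default location.
lograw_status "${LOGRAW_DIR:-/}"
```

The changelog entry above only mentions switching ENABLE_LOGRAW off, so a file written by 0.0.98-2 is worth checking for after the upgrade as well.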
