Package: monopd Version: 0.10.2-4 Severity: grave Tags: security Justification: user security hole X-Debbugs-Cc: jason.lee.quinn+deb...@gmail.com, Debian Security Team <t...@security.debian.org>
Dear Maintainer, Recently upgraded from Buster to Bullseye. I'm not perusing "journalctl --boot" looking for errors and warnings and submitting bug reports as I tend to do after a Debian upgrade. One of the curious lines in my journal logs was /lib/systemd/system/monopd.service:8: Special user nobody configured, this is not safe! This does indeed appear to be a valid systemd warning. See commit at https://github.com/systemd/systemd/commit/bed0b7dfc0070e920d00c89d9a4fd4db8d974cf0 Marked as grave as per bug descriptions in the reportbug tool (introduces a security hole). Cheers, Jason -- System Information: Debian Release: 11.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-9-amd64 (SMP w/12 CPU threads) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages monopd depends on: ii libc6 2.31-13+deb11u2 ii libgcc-s1 10.2.1-6 ii libmuparser2v5 2.2.6.1+dfsg-1 ii libstdc++6 10.2.1-6 ii libsystemd0 247.3-6 ii lsb-base 11.1.0 monopd recommends no packages. Versions of packages monopd suggests: ii gtkatlantic 0.6.3-1
