Processed: Re: Bug#652914: security concerns with xmms2d

2012-03-03 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: > severity 652914 normal Bug #652914 [xmms2-core] security concerns with xmms2d Severity set to 'normal' from 'grave' > retitle 652914 should document how to not run xmms2d insecurely Bug #652914 [xmms2-core] security concerns with xmms2d Changed B

Bug#652914: security concerns with xmms2d

2012-03-03 Thread Simon McVittie
severity 652914 normal retitle 652914 should document how to not run xmms2d insecurely thanks > - in the default configuration, xmms2d is secured using UNIX domain > sockets, this is reasonably secure > > - however, users may be tempted to enable TCP mode, which has no > security at all The exis

Bug#652914: security concerns with xmms2d

2011-12-22 Thread Daniel Svensson
On Thu, Dec 22, 2011 at 7:01 AM, Daniel Pocock wrote: > However, it is not so obvious that the socket allows people to browse > the server filesystems - even some more advanced users may find that > surprising I agree, if it wasn't for the fact that this is exactly how it works if you use XMMS2 o

Bug#652914: security concerns with xmms2d

2011-12-21 Thread Daniel Pocock
On 21/12/11 23:43, Daniel Svensson wrote: > On Wed, Dec 21, 2011 at 11:18 PM, Daniel Svensson wrote: >> On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock wrote: >>> Package: xmms2-core >>> Version: 0.7DrNo+dfsg-2 >>> Severity: grave >>> >>> I've chosen the severity `grave' as it is suggested for i

Bug#652914: security concerns with xmms2d

2011-12-21 Thread Daniel Svensson
On Wed, Dec 21, 2011 at 11:18 PM, Daniel Svensson wrote: > On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock wrote: >> Package: xmms2-core >> Version: 0.7DrNo+dfsg-2 >> Severity: grave >> >> I've chosen the severity `grave' as it is suggested for issues that >> could "introduce a security hole allow

Bug#652914: security concerns with xmms2d

2011-12-21 Thread Daniel Svensson
On Wed, Dec 21, 2011 at 8:55 PM, Daniel Pocock wrote: > Package: xmms2-core > Version: 0.7DrNo+dfsg-2 > Severity: grave > > I've chosen the severity `grave' as it is suggested for issues that > could "introduce a security hole allowing access to the accounts of > users who use the package" > http:

Bug#652914: security concerns with xmms2d

2011-12-21 Thread Daniel Pocock
Package: xmms2-core Version: 0.7DrNo+dfsg-2 Severity: grave I've chosen the severity `grave' as it is suggested for issues that could "introduce a security hole allowing access to the accounts of users who use the package" http://www.debian.org/Bugs/Developer#severities Details: - in the default