Bug#792485: etckeeper/git sets SSH host key perms to 644

2015-07-24 Thread Antoine Beaupré
Control: tags -1 -security Control: severity -1 normal Actually, looking back at this, this is not a vulnerability directly with etckeeper, or at least, nothing that wasn't already clearly explained in the README. To quote it: > ## security warnings > > First, a big warning: By checking /etc int

Processed: Re: Bug#792485: etckeeper/git sets SSH host key perms to 644

2015-07-24 Thread Debian Bug Tracking System
Processing control commands: > tags -1 -security Bug #792485 [etckeeper] etckeeper/git sets SSH host key perms to 644 Removed tag(s) security. > severity -1 normal Bug #792485 [etckeeper] etckeeper/git sets SSH host key perms to 644 Severity set to 'normal' from 'critical' -- 792485: http://bugs

Bug#792485: etckeeper/git sets SSH host key perms to 644

2015-07-24 Thread Antoine Beaupré
Hi, Thanks for the bug report. Normally, such bugs should be reported to secur...@debian.org with the package maintainer in CC instead of in a public bug tracker, but let's deal with it now that it's public... I can confirm the bug: doing a checkout or a reset exposes private files in `/etc` to a

Bug#792485: etckeeper/git sets SSH host key perms to 644

2015-07-15 Thread Sebastian Wagner
Package: etckeeper Version: 0.63 Severity: critical Tags: patch security Justification: root security hole Dear Maintainer, * What led up to the situation? I am using etckeeper with git to keep track of my changes in /etc. After reverting a commit (used commands: revert, reset, commit, checko