Bug#765895: marked as done (rkhunter: maybe the Debian version should deactivate any update functionality)
Your message dated Wed, 05 Jul 2017 18:05:02 + with message-idand subject line Bug#765895: fixed in rkhunter 1.4.4-2 has caused the Debian Bug report #765895, regarding rkhunter: maybe the Debian version should deactivate any update functionality to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 765895: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765895 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: rkhunter Version: 1.4.2-0.1 Severity: wishlist Tags: security Hi. This is something for consideration: rkhunter has this "updating" functionality, which apparently downloads new stuff from the web, updates the mirrors list and so on. In a way I feel that this should be disabled (at lest per default) in Debian for several reasons: 1) security While I haven't checked rkhunter in specific, downloading stuff from the, especially new code or pattern files or anything that is actually used by a program is always really tricky and difficult. Signing alone is by far not enough, as this often still allows for blocking/downgrading attacks. Some time ago I've started a longer thread about this on debian-devel... It seems to use wget/curl per default for downloading, which means at best, everything is SSL/TLS secured,... which basically means no security at all. wget/curl, both use per default still SSLv3 (which is broken since POODLE, latestly)... and even worse,... any CA which is activated in the system, which is per default a big list, including such untrustworthy fellows as CNNIC) could forge certificates for the source-forge mirrors and potentially deliver our users forged files (if MitM attacks are possible as well). So I guess it's better to be sceptical... especially since rkhunter runs as root. As I said, I don't wanna claim that rkhunter wouldn't do this cleanly, since I haven't checked it... but even if secure, there comes the following: 2) if packages "update" themselves, they circumvent the package management system, which no only does everything from (1) correctly... it should also be the central point of the system, that updates software and its code, with only very few execptions (typically highly volatile stuff like spam filter rules, or virus definition files). If anything new goes to rkhunter, it should go to Debian via a porper package upgrade, not via some of rkhunter's own update functions. That being said,... if you agree, than I think the following changes to the default confiugration hopefully do the job: ROTATE_MIRRORS=0 (not strictly necessary) UPDATE_MIRRORS=0 (do not update mirrors) MIRRORS_MODE=1 (only use local mirrors, never even try to get anything remote) UPDATE_LANG=en (do not update language files) WEB_CMD=/bin/false (let any downloading fail) Apart from that, --update seems to not work anyway (at least for me it always fails, even without the options from above). Cheers, Chris. --- End Message --- --- Begin Message --- Source: rkhunter Source-Version: 1.4.4-2 We believe that the bug you reported is fixed in the latest version of rkhunter, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 765...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Francois Marier (supplier of updated rkhunter package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 05 Jul 2017 10:39:31 -0700 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.4.4-2 Distribution: unstable Urgency: medium Maintainer: Debian Forensics Changed-By: Francois Marier Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 765895 Changes: rkhunter (1.4.4-2) unstable; urgency=medium . * Disable remote updates to prevent bugs like CVE-2017-7480 in the future (closes: #765895). * Include db files in md5sums and remove lintian overrides. * Use standard file permissions for db files and remove lintian overrides. Checksums-Sha1: 9bc46b375973ee754a764e42d345b59f7e278bfd 2083 rkhunter_1.4.4-2.dsc
rkhunter_1.4.4-2_amd64.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 05 Jul 2017 10:39:31 -0700 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.4.4-2 Distribution: unstable Urgency: medium Maintainer: Debian ForensicsChanged-By: Francois Marier Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 765895 Changes: rkhunter (1.4.4-2) unstable; urgency=medium . * Disable remote updates to prevent bugs like CVE-2017-7480 in the future (closes: #765895). * Include db files in md5sums and remove lintian overrides. * Use standard file permissions for db files and remove lintian overrides. Checksums-Sha1: 9bc46b375973ee754a764e42d345b59f7e278bfd 2083 rkhunter_1.4.4-2.dsc 3fa03853195746f5a0dae1baa3a0ba11997a56b5 26328 rkhunter_1.4.4-2.debian.tar.xz f79eeb0768e4c0b5c4bdacda56baed5db3cbbd4c 251448 rkhunter_1.4.4-2_all.deb e0246e2b93a0e49edbba7d34155079dba06ac4ad 5577 rkhunter_1.4.4-2_amd64.buildinfo Checksums-Sha256: 43d750ef7f66f7c15125ea6840f2eacab44c48d7f07aa01e13e46d1b8d639c2b 2083 rkhunter_1.4.4-2.dsc 6828212eda0972569da8b21c9f843772dc7d111883c9197eede4d52632e0bbae 26328 rkhunter_1.4.4-2.debian.tar.xz 28233d221fe74acfa39e3dd82cf1ad9b1fe1619c48a20869d199342cdfbca760 251448 rkhunter_1.4.4-2_all.deb f39be8a965fc19acea1b7989f58fae5bd84da107218fd4e8e146ba1eb5348301 5577 rkhunter_1.4.4-2_amd64.buildinfo Files: 26c7c5e506987f0613cabbd33dd92de3 2083 admin optional rkhunter_1.4.4-2.dsc 52db5487aa1000b155137b022a59ae59 26328 admin optional rkhunter_1.4.4-2.debian.tar.xz 902938cf3209214fff2586ca28eb4855 251448 admin optional rkhunter_1.4.4-2_all.deb 9a0ba05f1e396027d10447cafd3f4e42 5577 admin optional rkhunter_1.4.4-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKoBAEBCgCSFiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAlldJrxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEUHGZyYW5jb2lz QGRlYmlhbi5vcmcACgkQFigfLgB8mNEE8w/8Dn1IHXUJ4TW0P2i1XqxbTw9z0hsG szAvctXHVqViLFF6WCBQeUxU7Cl/xu9tMdV87tTmd4b3XNPed5dHwEN7M72BbZ+Z GPDGgARX0hlJpQ2NqrvLKNl/l9lxAsywdyRjzPf/47DNrQ51vmjA+hhfp+sWFPm9 ms5gQ/uQIqOASHbmq4bYEDRE9ddeEhQqLfRsz5SN8z80mHP/e1+NkcGc8bFywx1o deMDpTm3SmL1dn7lDo0o+wfFBCdnjG/GQ4I8jwV7fYcLpOH9RmDx8itOgQCD2dQ7 4ia4U2gRhAalgnh6atxO9ZYzMwYIutSgGOqu5oUiSz/ow8ppmmYlShgdZH9bbFg5 jHQ4rf8gBPsRnUdS32rEVT5ZByw6mdyxsn/8vhxfYNssmZty5yhs9frW4R6TUgny nW9Fx7sr+zayAbbsLTbh6ypxB2bqr1ihiagnMKTU7sy6VP4J79+Ymivpd9+OdYDB igJ1xXYoLZqrI1Q/5hZUSGqFpQFd974t4GmbNFI4XhTo8fIqjW0hX++IJwPuFQvs WiRfN7cpHRy3SZgH5iFtK0QQ5RkN8GpsG6l2yp3z6hJKJJ4T7yWUGd9vt3LOOzaS H0sRdHftPNksMRiPV0nvKNs0SQ1DcixJHezcJ7XtFiWw2JkGTTR35n83t6Hp9eSp Exd9bZRiozmKWC4= =6Tlb -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Processing of rkhunter_1.4.4-2_amd64.changes
rkhunter_1.4.4-2_amd64.changes uploaded successfully to localhost along with the files: rkhunter_1.4.4-2.dsc rkhunter_1.4.4-2.debian.tar.xz rkhunter_1.4.4-2_all.deb rkhunter_1.4.4-2_amd64.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Processing of yara_3.6.3+dfsg-1_source.changes
yara_3.6.3+dfsg-1_source.changes uploaded successfully to localhost along with the files: yara_3.6.3+dfsg-1.dsc yara_3.6.3+dfsg.orig.tar.xz yara_3.6.3+dfsg-1.debian.tar.xz yara_3.6.3+dfsg-1_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org) ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Informations Impôts 2018
Bénéficiez d'une rentabilité de 6% par an en investissant dans un Loué Meublé. Si vous ne pouvez pas lire cet email, suivre ce lien (http://front.info-expert-1.com/php/emailing/view_mail.php?CODE=95L0VZ2M_11177=70b8064770dbe5ebc431f81662f2c053) Les Experts Fiscalité Les experts de la Fiscalité (http://lt.info-expert-1.com/r.php?i=95L0VZ2M_11177_1=http%3A%2F%2Fid3297.r.info-expert-1.com%2FInvest-lmnp-no-sms%2F%3Futm_source%3Dgulli_lmnp_guide_mini_47) Investissez dans un Loué Meubléet bénéficiez d'une rentabilité de 6%/an (http://lt.info-expert-1.com/r.php?i=95L0VZ2M_11177_1=http%3A%2F%2Fid3297.r.info-expert-1.com%2FInvest-lmnp-no-sms%2F%3Futm_source%3Dgulli_lmnp_guide_mini_47) Dcouvrez les avantages de la loi Censi-Bouvard (LMNP): 0 € d’impôts pendant 12 ans L’assurance d’un revenu complémentaire (6% par an) Recevez votre guide gratuit Rapide et sans engagement ! + GUIDE OFFERT Loi LMNP 2017 Les avantages de l'investissement lmnp 2017 Constituez vousun patrimoine 33 000 € d’économiesd’impôts en 12 ans Profitez d’un revenucomplémentaire Devenez propriétairesans apport Etablissez votre bilan fiscal avec notre expert - gratuit et sans engagement (http://lt.info-expert-1.com/r.php?i=95L0VZ2M_11177_1=http%3A%2F%2Fid3297.r.info-expert-1.com%2FInvest-lmnp-no-sms%2F%3Futm_source%3Dgulli_lmnp_guide_mini_47) Plan de relance immobilier du gouvernement (http://lt.info-expert-1.com/r.php?i=95L0VZ2M_11177_1=http%3A%2F%2Fid3297.r.info-expert-1.com%2FInvest-lmnp-no-sms%2F%3Futm_source%3Dgulli_lmnp_guide_mini_47) La loi LMNP vous permet vous de déduire (de votre impôt sur le revenu) jusqu'à 21% du montant de votre investissement (réparti de manière linéaire sur toute la durée de location) sur l’achat d’un bien immobilier neuf, dédié à la location pendant une durée minimum. Votre réduction d'impôt varie en fonction de la durée de location que vous envisagez au moment de l’achat : • Pour une location équivalent à 6 années, votre réduction d’impôt sera de 12 % du montant de l’achat • Pour une location équivalent à 9 années, votre réduction d’impôt sera de 18 % du montant de l’achat • Pour une location équivalent à 12 années, votre réduction d’impôt sera de 21 % du montant de l’achat A titre d'exemple, pour l'achat d'un appartement neuf de 300 000€, vous pourrez déduire jusqu'à 33 000 € de vos impôts sur 12 ans. Votre bien ne vous coûte plus que 267 000€ auxquels viendront se soustraire les loyers perçus pendant 12 ans. Si vous voulez vous dsinscrire, suivre ce lien (http://front.info-expert-1.com/php/emailing/u.php?CODE=95L0VZ2M_11177=70b8064770dbe5ebc431f81662f2c053) ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
dfdatetime_20170704-1_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 05 Jul 2017 09:06:18 +0200 Source: dfdatetime Binary: python-dfdatetime python3-dfdatetime Architecture: source Version: 20170704-1 Distribution: unstable Urgency: medium Maintainer: Debian ForensicsChanged-By: Hilko Bengen Description: python-dfdatetime - Digital Forensics date and time library for Python 2 python3-dfdatetime - Digital Forensics date and time library for Python 3 Changes: dfdatetime (20170704-1) unstable; urgency=medium . * New upstream version 20170704 * Bump Standards-Version, Debhelper compat level Checksums-Sha1: 705d5d5940d3bd3ed5a015fe0678f3b295d7bf62 2128 dfdatetime_20170704-1.dsc a6a83712e5edfbd54459a9e98d22c7625b3b0f01 75571 dfdatetime_20170704.orig.tar.gz 1e3b8108f89c19625ba15a372718a10733c21544 2072 dfdatetime_20170704-1.debian.tar.xz bdda40ca153b21bb16f23b9746fbeca321e0487c 6791 dfdatetime_20170704-1_source.buildinfo Checksums-Sha256: 950c3564011e27c54373f74c7980dea98404aa2f65b43921f593c4732997327c 2128 dfdatetime_20170704-1.dsc f100768568322aacae2a153d47a9571fdedbc6b1d2e4e1ba0f68ea715e59d4b3 75571 dfdatetime_20170704.orig.tar.gz 05a1dff46e162de391b3522158e60a33214687b6d6c5a45f387c742427b4f7e2 2072 dfdatetime_20170704-1.debian.tar.xz 24ec36cf8af0ae8e669182855ae0e8c9db1d2fb17b1c77d636cabc578745178b 6791 dfdatetime_20170704-1_source.buildinfo Files: 1811003f9d73f57103bb0adaf4dd113d 2128 python optional dfdatetime_20170704-1.dsc 56f8593b0d8e5280535a28bad1d71b25 75571 python optional dfdatetime_20170704.orig.tar.gz 808bc15cae58b2e7012d9bd100f6f78c 2072 python optional dfdatetime_20170704-1.debian.tar.xz 05629111c411213f2a288319f1e4c0b9 6791 python optional dfdatetime_20170704-1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEErnMQVUQqHZbPTUx4dbcQY1whOn4FAllcj/oACgkQdbcQY1wh On4yEQ//WTV4HdJLemJEvQKUSxHiS+6h57NwSXF43lVLmIAPEsY3mwQIpZ2G464p Hq2zdJkID4a49DE9MI2c7BnuEvrd94G+kF/nXq4qfxMgLeMNkOW/U7gXZ4IMMGeu Pwshyq498F+n9PBcVIcwO/fyMA6Hz6l/80HcGCo3qAedjnbNOY1CP5lezeux1Jxa 7632VpUlPmbbrzt3DvKsPeOQrwC0645syL5+ZtXlUGYXY0U1rKZzQVLwuJB8DwDX RUAr7dCmCS+qnEPTQwEo6qvHns8C4QCcrfp6P/PFPzS9f4tFQlNqV/bW8SASgDlM l+rGd4tgWeOONoSmRJhSUHf4AeVz+NcDMJ4giYm6AGgSvJWQ4mCuZpP62OafLPjx Zj25aSb5k3UxUkq4PAmx4DkX83jd/JKeRlZDWXJ8OLsu4TpyK7gXISpiJTN1HXkD eLVTabQw7NtwpyA7EiFVEv+V6Nw18fBrWGsrlKmoaXpu27rRBzxVlk2L2JVuBLrs 0BIzGoqsDqbxUjq+E2Qe+xIy+Kgm67359I09BUbOFi7A+lifBVi94/+/3USh7vCd lrjcCwfUOsFKfA2nOKpkeaOns1o9sXGMwo54QCgOz7y89Tw4al4rkZtKlmPwlsn1 e0L0kNz3a9LoyzwYWx8xHDRUAHcYc5rpxNt560HsDt/pzjIETA4= =WEyr -END PGP SIGNATURE- Thank you for your contribution to Debian. ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel