Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-23 Thread Bart Martens
Potential sponsors can find more recent information about the package to be sponsored on RFS bug 684679. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-18 Thread Vagrant Cascadian
On Mon, Aug 13, 2012 at 08:54:52AM +0100, Nick Leverton wrote: Thanks for the very good catch on this one. The package is ready to upload but needs a sponsor. Would you be able to spare a bit more time to upload the fix for me, please ? Source is dgettable from

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-18 Thread Nick Leverton
On Sat, Aug 18, 2012 at 01:53:20PM -0700, Vagrant Cascadian wrote: On Mon, Aug 13, 2012 at 08:54:52AM +0100, Nick Leverton wrote: Thanks for the very good catch on this one. The package is ready to upload but needs a sponsor. Would you be able to spare a bit more time to upload the fix

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-13 Thread Nick Leverton
Hi, Thanks for the very good catch on this one. The package is ready to upload but needs a sponsor. Would you be able to spare a bit more time to upload the fix for me, please ? Source is dgettable from http://mentors.debian.net/debian/pool/main/n/nullmailer/nullmailer_1.11-2.dsc If you're

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-13 Thread Aaron Schrab
At 08:54 +0100 13 Aug 2012, Nick Leverton n...@leverton.org wrote: Thanks for the very good catch on this one. The package is ready to upload but needs a sponsor. Would you be able to spare a bit more time to upload the fix for me, please ? Sorry I'm not a Debian Developer, so I can't upload

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-13 Thread Bart Martens
Hi Nick, Why not simply use touch and chmod ? | touch file.txt | chmod 600 file.txt | echo secret file.txt Regards, Bart Martens -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-13 Thread Nick Leverton
On Mon, Aug 13, 2012 at 05:45:40PM +, Bart Martens wrote: Hi Nick, Why not simply use touch and chmod ? | touch file.txt | chmod 600 file.txt | echo secret file.txt It's still susceptible to reading, by someone opening the file inbetween the touch and the chmod. Admittedly

Bug#684619: [nullmailer] Debconf prompts for info that might contain password, saves to world-readable file

2012-08-11 Thread Aaron Schrab
Package: nullmailer Version: 1:1.11-1 Severity: serious Tags: security X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org --- Please enter the report below this line. --- Durint installation, this package uses debconf to get information about how mail should be delivered, giving examples