Your message dated Sun, 26 Nov 2006 18:17:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#321529: fixed in phpmyadmin 4:2.9.1.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: phpmyadmin
Version: 4:2.6.2-1
Severity: normal
The current permissions of the configuration files are set to world
readable. This is a problem because it means that any database access
passwords stored here are readable to everyone on the system. At a very
minimum the group should be set to www-data for all files in this
directory and the world-readable bit should be turned off.

It should be noted that any process that is also running on the same
server will be able to read the files in this directory from within a
script executed by the web-server.

Of course the latter issue means that someone who has permission to
write/upload scripts can compromise these files, but people who
currently have login access can see those files.

I suppose an argument could be made that by making it world readable,
the security implications are obvious.

Perhaps adding a README-security file in the same directory could warn
new administrators.

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Versions of packages phpmyadmin depends on:
ii apache [httpd] 1.3.33-4 versatile, high-performance HTTP s
ii debconf 1.4.30.13 Debian configuration management sy
ii php4 4:4.3.10-13 server-side, HTML-embedded scripti
ii php4-cgi 4:4.3.10-13 server-side, HTML-embedded scripti
ii php4-mysql 4:4.3.10-13 MySQL module for php4
ii ucf 1.17 Update Configuration File: preserv
-- debconf information excluded
--- End Message ---
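Added example, not part of the bug report or of the phpmyadmin package: a shell audit for the exposure the report describes (configuration files readable by "other", or not owned by the web server's group), with the minimum fix the reporter asks for. The directory and group are passed as arguments, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the report or the package). DIR and GROUP are
# arguments supplied by the administrator; function names are hypothetical.

# List regular files under DIR that any local account can read (o+r set).
world_readable() {
    find "$1" -type f -perm -004 -print
}

# List regular files under DIR whose group is not GROUP.
wrong_group() {
    find "$1" -type f ! -group "$2" -print
}

# audit DIR GROUP: print findings; status 0 = clean, 1 = findings, 2 = bad DIR.
audit() {
    [ -d "$1" ] || { echo "audit: $1 is not a directory" >&2; return 2; }
    wr=$(world_readable "$1")
    wg=$(wrong_group "$1" "$2")
    [ -n "$wr" ] && printf 'world-readable:\n%s\n' "$wr"
    [ -n "$wg" ] && printf 'group is not %s:\n%s\n' "$2" "$wg"
    [ -z "$wr$wg" ]
}

# harden DIR GROUP: the minimum the report asks for, i.e. files in group
# GROUP with no access for "other" (owner rw, group r).
harden() {
    find "$1" -type f -exec chgrp "$2" {} + -exec chmod 0640 {} +
}

# Stand-alone use: sh audit.sh DIR GROUP
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run `audit` first and review its output; `harden` needs the privileges to `chgrp` the files. It does not address the report's second point, that scripts executed by the web server can still read them.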
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:2.9.1.1-1
We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:
phpmyadmin_2.9.1.1-1.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-1.diff.gz
phpmyadmin_2.9.1.1-1.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-1.dsc
phpmyadmin_2.9.1.1-1_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-1_all.deb
phpmyadmin_2.9.1.1.orig.tar.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 22 Nov 2006 22:24:02 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
 phpmyadmin - Administrate MySQL over the WWW
Closes: 321529 399329
Changes:
 phpmyadmin (4:2.9.1.1-1) unstable; urgency=high
 .
   * New upstream release.
     - Addresses several security issues (Closes: #399329).
 .
   * In Depends, explicitly prefer the apache2/apache PHP module, to make
     sure the correct one is selected upon installation.
   * Drop 100-dutch_fixtypo.patch, integrated upstream.
 .
   * Add note to default config file about adding sensitive data
     to that file (Closes: #321529).
   * Update README.Debian with information about register_globals.
Files:
 58a5d129135b2e72de5de3445d97fb48 590 web extra phpmyadmin_2.9.1.1-1.dsc
 f598509b308bf96aee836eb2338f523c 3500563 web extra phpmyadmin_2.9.1.1.orig.tar.gz
 0cac987327d75e672517b1cbf35999ad 44025 web extra phpmyadmin_2.9.1.1-1.diff.gz
 3459df7f9589d1c71ec029c2b2d7a133 3589832 web extra phpmyadmin_2.9.1.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFZMCRJdKMxZV9WM8RAujnAKDFAvB2Yol8k3ivj7P1z2hnBMfOHgCgwS+e
nSFKGKAuiSHmzLqqzkc3L1A=
=3qeC
-----END PGP SIGNATURE-----
--- End Message ---