Your message dated Sat, 12 Jan 2008 23:32:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#458627: fixed in ejabberd 1.1.4-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: ejabberd
Version: 1.1.2-6
Severity: normal



By default, ejabberd provides a service accepting public user 
registration.  Any user on the Internet can potentially connect to the 
ejabberd process and register an account for themself.  This is a 
security issue.

Minimal solution:
- disable the registration service by default
- put instructions in README.Debian for enabling it

Better solution:
- use debconf to allow the installer to choose whether they want public 
user registration (default=no)

Modifying /etc/ejabberd/ejabberd.cfg to be like the example below, and 
restarting the process, will rectify the issue:

% Every username can be registered via in-band registration:
%{access, register, [{allow, all}]}.

% None username can be registered via in-band registration:
{access, register, [{deny, all}]}.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages ejabberd depends on:
ii  adduser                3.102             Add and remove users and groups
ii  debconf [debconf-2.0]  1.5.11            Debian configuration management sy
ii  erlang-base            1:11.b.2-4        Concurrent, real-time, distributed
ii  erlang-nox             1:11.b.2-4        Concurrent, real-time, distributed
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libexpat1              1.95.8-3.4        XML parsing C library - runtime li
ii  libssl0.9.8            0.9.8c-4etch1     SSL shared libraries
ii  openssl                0.9.8c-4etch1     Secure Socket Layer (SSL) binary a
ii  ucf                    2.0020            Update Configuration File: preserv
ii  zlib1g                 1:1.2.3-13        compression library - runtime

ejabberd recommends no packages.

-- debconf information excluded



--- End Message ---
--- Begin Message ---
Source: ejabberd
Source-Version: 1.1.4-5

We believe that the bug you reported is fixed in the latest version of
ejabberd, which is due to be installed in the Debian FTP archive:

ejabberd_1.1.4-5.diff.gz
  to pool/main/e/ejabberd/ejabberd_1.1.4-5.diff.gz
ejabberd_1.1.4-5.dsc
  to pool/main/e/ejabberd/ejabberd_1.1.4-5.dsc
ejabberd_1.1.4-5_i386.deb
  to pool/main/e/ejabberd/ejabberd_1.1.4-5_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sergei Golovan <[EMAIL PROTECTED]> (supplier of updated ejabberd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 13 Jan 2008 01:37:19 +0300
Source: ejabberd
Binary: ejabberd
Architecture: source i386
Version: 1.1.4-5
Distribution: unstable
Urgency: low
Maintainer: Torsten Werner <[EMAIL PROTECTED]>
Changed-By: Sergei Golovan <[EMAIL PROTECTED]>
Description: 
 ejabberd   - Distributed, fault-tolerant Jabber/XMPP server written in Erlang
Closes: 458627 460459
Changes: 
 ejabberd (1.1.4-5) unstable; urgency=low
 .
   * Do not remove /etc/ejabberd on package purge to preserve user files if
     any (closes: #460459).
   * Bumped standards version to 3.7.3.
   * Added homepage header to debian control file.
   * Fixed unnecessary space in doc-base.
   * Changed default setting for nicknames which can be registered to 'none'
     (which effectively forbids registration) as this setting is more safe
     (closes: #458627).
   * Fixed name section of ejabberd and ejabberdctl manual pages.
Files: 
 e88de3ae6b17ae6740a4ec984fcc8fa6 891 net optional ejabberd_1.1.4-5.dsc
 400a3b5fa50220b3430c6d70f1a51afb 59057 net optional ejabberd_1.1.4-5.diff.gz
 9e4ea4ffdb6e0a65dd165361ea389fe1 911760 net optional ejabberd_1.1.4-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHiUkcIcdH02pGEFIRAjdXAKCZ+zPXG6MPgxLT3bn3WEZIZQdw1ACeMgeO
/36et3aXqtWc2nTbcPGUPVE=
=h+Be
-----END PGP SIGNATURE-----



--- End Message ---
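
Added example, not part of the bug report or of the ejabberd package: a Python audit of the `register` access rule in an ejabberd.cfg written in the style quoted in the report, telling an administrator whether in-band registration is still open. The function names and both sample configurations are constructed here, and the check assumes that a user matching no clause of the rule is denied.

```python
import re

# Constructed sample: the configuration the report recommends (allow line commented out).
CLOSED_CFG = """\
% Every username can be registered via in-band registration:
%{access, register, [{allow, all}]}.

% None username can be registered via in-band registration:
{access, register, [{deny, all}]}.
"""
# Constructed sample: open registration written as a multi-line term.
OPEN_CFG = "{access, register,\n   [{allow, all}]}.   % trailing comment\n"

RULE_RE = re.compile(r"\{\s*access\s*,\s*register\s*,\s*\[(.*?)\]\s*\}\s*\.", re.S)
CLAUSE_RE = re.compile(r"\{\s*(allow|deny)\s*,\s*([a-z]\w*)\s*\}")

def strip_comments(text):
    """Drop Erlang '%' comments, keeping any '%' inside a double-quoted string."""
    lines = []
    for line in text.splitlines():
        in_string = False
        for i, ch in enumerate(line):
            if ch == '"' and (i == 0 or line[i - 1] != "\\"):
                in_string = not in_string
            elif ch == "%" and not in_string:
                line = line[:i]
                break
        lines.append(line)
    return "\n".join(lines)

def registration_status(cfg_text):
    """Return 'open', 'restricted', 'closed' or 'undefined' for the register rule."""
    rules = RULE_RE.findall(strip_comments(cfg_text))
    if not rules:
        return "undefined"  # no active rule: inspect the mod_register options by hand
    status = "closed"
    for body in rules:  # every active definition is checked; the weakest result wins
        for action, acl in CLAUSE_RE.findall(body):
            if acl == "none":  # the 'none' ACL matches nobody
                continue
            if action == "deny" and acl == "all":
                break  # no later clause in this rule can match
            if action == "allow" and acl == "all":
                return "open"
            if action == "allow":
                status = "restricted"  # limited to a named ACL
    # Assumption: a user matching no clause is denied.
    return status

if __name__ == "__main__":
    print(registration_status(CLOSED_CFG), registration_status(OPEN_CFG))
```

A result of "restricted" means registration is limited to a named ACL, whose definition then needs review separately.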
