Your message dated Wed, 27 Nov 2013 09:51:22 +0000 with message-id <[email protected]> and subject line Bug#730121: Removed package(s) from unstable has caused the Debian Bug report #729474, regarding mantis: default conf allows directory listing to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 729474: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729474 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: mantis Version: 1.2.11-1.2 Severity: normal Dear Maintainer, The default mantis config allows for directory listings in all subfolders (e.g. api/). This is not needed and might cause a security problem. I would therefore recommend to add Options -Indexes to /etc/mantis/apache.conf by default. (see my file below) thanks for your work Nicola -- Configuration Files: /etc/mantis/apache.conf changed: Alias /mantis /usr/share/mantis/www <Directory /usr/share/mantis/www> # # Disable these options (as needed) to improve PHP configuration # #php_admin_flag display_errors Off #php_admin_flag log_errors On #php_admin_flag html_errors Off #php_admin_flag allow_url_fopen Off #php_admin_flag safe_mode On #php_admin_value upload_tmp_dir "/tmp" #php_admin_value open_basedir "/usr/share/mantis/www/:/etc/mantis/:/usr/share/php/libphp-phpmailer/:/usr/share/php/adodb/:/tmp/" #php_admin_value disable_functions "exec,passthru,popen,proc_open,shell_exec,system,socket_create,fsockopen,pfsockopen" Options +FollowSymLinks Options -Indexes AllowOverride None Order allow,deny Allow from all AddType application/x-httpd-php .php .phtml <IfModule mod_php5.c> php_flag magic_quotes_gpc Off php_flag track_vars On php_value include_path .:/usr/share/php:/usr/share </IfModule> DirectoryIndex index.php </Directory> <Directory /usr/share/mantis/www/admin> AuthType Basic AuthName "Restricted Admin mantis" AuthUserFile /etc/mantis/htaccess.dat Require valid-user </Directory> -- debconf information excluded
--- End Message ---
--- Begin Message ---Version: 1.2.11-1.2+rm Dear submitter, as the package mantis has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see http://bugs.debian.org/730121 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]. Debian distribution maintenance software pp. Luca Falavigna (the ftpmaster behind the curtain)
--- End Message ---
