Your message dated Thu, 14 Sep 2017 13:49:00 +0000
with message-id <[email protected]>
and subject line Bug#614518: fixed in arpon 3.0-ng+dfsg1-1
has caused the Debian Bug report #614518,
regarding arpon: weak permissions in log file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
614518: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614518
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: arpon
Version: 2.0-2
Severity: important
Tags: security

Hi,

The log file's permissions are 644 by default, which exposes sensitive 
information. When the log is rotated the permissions are set to 640, which is 
better, but still leaves a world-readable compressed log.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net



--- End Message ---
--- Begin Message ---
Source: arpon
Source-Version: 3.0-ng+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
arpon, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Lukas Schwaighofer <[email protected]> (supplier of updated arpon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 07 Sep 2017 20:26:55 +0200
Source: arpon
Binary: arpon
Architecture: source
Version: 3.0-ng+dfsg1-1
Distribution: unstable
Urgency: low
Maintainer: Debian Security Tools Packaging Team <[email protected]>
Changed-By: Lukas Schwaighofer <[email protected]>
Description:
 arpon      - versatile anti ARP poisoning daemon
Closes: 614027 614518 783536 866832
Changes:
 arpon (3.0-ng+dfsg1-1) unstable; urgency=low
 .
   * Maintain arpon in pkg-security (Closes: #866832).
   * Imported Upstream version 3.0-ng.
     - Repacked without doc which contains the linkedin logo and pre-compiled
       PDFs without the source, violating the DFSG.
     - Drop existing patches, as the new version is a rewrite.
     - The libdumbnet library is now properly detected without using
       lsb-release (Closes: #783536).
     - The permissions of the log file are now 0640 and owned by root:root, the
       file is no longer world readable (Closes: #614518).
     - Stderr is properly redirected to /dev/null (Closes: #614027).
   * Update README.Debian: Mention missing documentation due to repack.
   * Update debian/copyright:
     - Convert to machine readable format.
     - Update for new version.
     - Add Files-Excluded for automatic uscan repacking without the doc dir.
   * Update debian/watch to deal with dfsg version suffix.
   * Package using git-buildpackage:
     - Add Vcs-{Git,Browser} to debian/control.
     - Add debian/gbp.conf.
   * Update to debhelper compatibility level 10, cleanup of debian/rules.
   * Drop Build-Depends on lsb-release.
   * Introduce a patch to fix gcc-7 compile errors.
   * Introduce a patch to adjust the installed files and paths.
   * Cleanup of control files:
     - Remove dirs, no longer needed.
     - Cleanup docs.
     - Prefix control files with packagename where appropriate.
   * Fix spelling errors in man page.
   * Add patch to remove unwanted build options.
   * Remove the pre-3.0 configuration file /etc/arpon.sarpi.
     - Explain the change in debian/NEWS.
   * Remove the /var/log/arpon folder in postrm (not just the contents).
   * Simplify and adjust init script for the new version:
     - Allow it to start multiple instances of arpon for different interfaces.
     - Support the status option.
   * Adjust logrotate configuration:
     - Only keep 4 weekly rotations.
     - Cleanup of unneeded options.
     - Updated the postrotate script for usage with systemd.
   * Provide a systemd service file.
   * Update /etc/default/arpon for new version and init script / service file.
   * Bump Standards-Version to 4.1.0.
   * Compile with NDEBUG, otherwise the log is flooded with debug messages that
     cannot be disabled.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
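
Added example (not part of the bug report, the changelog or the arpon package): a shell audit for the condition the report describes, log files that users outside owner and group can access, followed by the tightening to 0640 and root:root named in the changelog. The directory layout and file names in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the arpon package. File names below are constructed.

# List regular files under $1 that grant any permission bit to "other".
world_accessible_logs() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Set every log file under $1 to 0640; when run as root, also set the owner
# to uid 0 / gid 0 (root:root), the mode and owner named in the changelog.
harden_logs() {
    find "$1" -type f -exec chmod 0640 {} +
    if [ "$(id -u)" -eq 0 ]; then
        find "$1" -type f -exec chown 0:0 {} +
    fi
}

# Build a constructed log directory that mirrors the report: live log 0644,
# rotated log 0640, compressed log still world-readable.
make_sample_logdir() {
    d=$(mktemp -d) || return 1
    : > "$d/arpon.log";      chmod 0644 "$d/arpon.log"
    : > "$d/arpon.log.1";    chmod 0640 "$d/arpon.log.1"
    : > "$d/arpon.log.2.gz"; chmod 0644 "$d/arpon.log.2.gz"
    printf '%s\n' "$d"
}

dir=$(make_sample_logdir)
echo "before:"; world_accessible_logs "$dir"
harden_logs "$dir"
echo "after:";  world_accessible_logs "$dir"
rm -rf "$dir"
```

On a real host, point `world_accessible_logs` at the daemon's log directory and run the audit again after a rotation cycle, since rotated and compressed files get their mode from the rotation tool rather than from the daemon.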
