Hi Moritz

This is the patch:
--- pptp-linux-1.7.2.orig/pptpsetup +++ pptp-linux-1.7.2/pptpsetup 
@@ -168,11 +168,14 @@ # backup rename( $chap_file, "$chap_file.bkp" ); + my $umask_save = umask(); + umask 0077; # write new chap-secrets open( FILE, ">$chap_file" ) or die "$0: can't write '$chap_file': $!\n"; print FILE $new_chap; close FILE; + umask $umask_save; exit; }

I have uploaded a corrected version to unstable with this fix. It is the only fix in that package compared to the version in stable. I used high severity in order to get it into testing as soon as possible.

I have also made sure that it works well by reproducing the problem and testing it.

Uploading to ftp-master (via ftp to ftp.upload.debian.org):
pptp-linux_1.7.2-3.dsc: done.
pptp-linux_1.7.2-3.diff.gz: done.
pptp-linux_1.7.2-3_i386.deb: done.
pptp-linux_1.7.2-3_i386.changes: done.
Successfully uploaded packages.
Not running dinstall.

Best regards,

// Ola

On Sun, Apr 26, 2009 at 10:17:16AM +0200, Moritz Muehlenhoff wrote:
> On Sun, Apr 12, 2009 at 06:56:34PM +0200, Ola Lundqvist wrote:
> > Hi Michael
> > It is a problem on Debian. I have successfully reproduced the problem.
> >
> > The fix was very easy, just to add a chmod 600 /etc/ppp/chap-secrets.
> > I have uploaded a fixed package to unstable now.
> >
> > I agree that it is not a critical bug but I think it is worth a DSA for this,
> > so I'm cc:ing the security team about this.
> >
> > The corrected package is pptp-linux_1.7.2-2 and this is the only fix in
> > that package compared to stable.
>
> Could you please fix this through a stable point update for Lenny?
>
> The best way to do that is to send the proposed debdiff to
> debian-rele...@lists.debian.org with [stable] in the subject, so that the
> stable release managers can review it.
>
> Cheers,
> Moritz
>

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Annebergsslingan 37        \
|  o...@debian.org                    654 65 KARLSTAD            |
|  http://inguza.com/                 Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
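
Review bot: The umask 0077 added before open( FILE, ">$chap_file" ) only takes effect when open creates the file, and that depends on the unchecked rename( $chap_file, "$chap_file.bkp" ) in the context line above it having succeeded. If the rename fails, open truncates the existing file and it keeps its old mode, so a chap-secrets that was already world-readable stays that way; checking the rename result, or calling chmod 0600 on the file after opening it, would cover that case. The rename also carries the old file's mode over to the .bkp copy, which holds the previous secrets and gets no permission tightening from this change. Minor: close FILE is not checked, so a failed write of $new_chap would go unnoticed.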