Your message dated Mon, 17 Apr 2006 05:47:22 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#337830: fixed in kphone 1:4.2-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: kphone
Version: 4.2-3
Severity: serious

I think I have found a security flaw in kphone:
it creates ~/.qt/kphonerc world-readable! This file contains the user's
SIP-password and so on, so I guess this is a bad thing, because the
~/.qt dir itself is by default also readable by everybody.

I removed the whole ~/.qt dir and restarted kphone: same behaviour.

Regards,
Sven




--- End Message ---
--- Begin Message ---
Source: kphone
Source-Version: 1:4.2-6

We believe that the bug you reported is fixed in the latest version of
kphone, which is due to be installed in the Debian FTP archive:

kphone_4.2-6.diff.gz
  to pool/main/k/kphone/kphone_4.2-6.diff.gz
kphone_4.2-6.dsc
  to pool/main/k/kphone/kphone_4.2-6.dsc
kphone_4.2-6_i386.deb
  to pool/main/k/kphone/kphone_4.2-6_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <[EMAIL PROTECTED]> (supplier of updated kphone package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 17 Apr 2006 12:17:45 +0100
Source: kphone
Binary: kphone
Architecture: source i386
Version: 1:4.2-6
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <[EMAIL PROTECTED]>
Changed-By: Mark Purcell <[EMAIL PROTECTED]>
Description: 
 kphone     - Voice over IP (VoIP) phone application
Closes: 337830 357959 361492
Changes: 
 kphone (1:4.2-6) unstable; urgency=low
 .
   [ Kilian Krause ]
   * Add fix to compile with gcc4.1. (Closes: #357959)
   * Lower build-depends on libqt3-mt-dev to ease backports to Sarge.
 .
   [ Mark Purcell ]
   * Remove dpatch Build-Depends
   * Update Build-Depends
     - FTBFS on kfreebsd-amd64: unsatisfied Build-Depends (Closes: #361492)
   * Add debian/patches/umask.diff
     - Security problem in kphone (Closes: #337830)
Files: 
 c1a1080084887cefac3b6755fa8c90c1 888 kde optional kphone_4.2-6.dsc
 cb73fc220ff9e1e6030838279c6e085d 5341 kde optional kphone_4.2-6.diff.gz
 2d8b7d2df27ed76aef8a96a26d9c490a 422218 kde optional kphone_4.2-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEQ4vtoCzanz0IthIRApCEAJ9LFs6uIZ4CEBgVcmUh7lf9ggW7FwCfZP3Y
gcXQ8YI98RyITdBfcYsTilI=
=p/+b
-----END PGP SIGNATURE-----


--- End Message ---
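The report above describes a credentials file that ends up world-readable. The following is an added example, not kphone's code and not the contents of debian/patches/umask.diff (which this page does not show); it demonstrates how the process umask and the mode passed to open() together decide a new file's permissions. The function names and the scratch path under /tmp are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create a scratch file (constructed stand-in for ~/.qt/kphonerc) under the
 * given umask and requested mode; if tighten is set, chmod it to 0600 as one
 * would for a file that already exists. Returns the final permission bits,
 * or -1 on error. */
int mode_after_create(mode_t mask, mode_t requested, int tighten)
{
    char dir[] = "/tmp/rcdemoXXXXXX";
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/kphonerc", dir);

    mode_t old = umask(mask);            /* mask applies to the open() below */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, requested);
    umask(old);                          /* restore the caller's mask */

    if (fd >= 0) {
        /* umask only affects creation; existing files need an explicit chmod */
        if ((!tighten || fchmod(fd, S_IRUSR | S_IWUSR) == 0) && fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 07777);
        close(fd);
        unlink(path);
    }
    rmdir(dir);
    return result;
}

/* Nonzero when group or others have any access bit set. */
int exposed(int mode) { return (mode & 077) != 0; }

int main(void)
{
    printf("umask 022, mode 0666: %04o\n", (unsigned)mode_after_create(022, 0666, 0));
    printf("umask 077, mode 0666: %04o\n", (unsigned)mode_after_create(077, 0666, 0));
    printf("umask 022, mode 0600: %04o\n", (unsigned)mode_after_create(022, 0600, 0));
    printf("umask 022, then chmod: %04o\n", (unsigned)mode_after_create(022, 0666, 1));
    return 0;
}
```

A changed umask protects only files created afterwards, so a file written by an earlier version keeps its old mode until it is explicitly chmod'ed.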