Source: phabricator
Version: 0~git20141101-1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

The local configuration created by the phabricator package under 
/usr/share/phabricator/conf/local is globally readable and contains 
sensitive information like phabricator's database credentials. Access to 
it should be restricted to only the necessary users (www-data and 
phabricator in our case). See also #775478 regarding the configuration 
location.

Regards,
Apollon

-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing'), (90, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to