Package: knowledgetree
Version: 2.0.7-1
Severity: critical

Hey,

/etc/knowledgetree/environment.php is world-readable by default. It is supposed to contain (amongst other things) the username and password for the KnowledgeTree database.

Cc:'d to [EMAIL PROTECTED] just in case they care (the package is only in Sid, but maybe some other "related" packages are worth auditing).

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.4-execshield-a8-linuxjail-1-2-oftc-1
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages knowledgetree depends on:
ii  apache2-mpm-prefork [apache2]  2.0.55-2   traditional model for Apache2
ii  libphp-phpmailer               1.73-1     full featured email transfer class
ii  libphp-phpsniff                2.1.3-1    a HTTP_USER_AGENT Client Sniffer f
ii  php4                           4:4.4.0-4  server-side, HTML-embedded scripti
ii  php4-mysql                     4:4.4.0-4  MySQL module for php4
ii  php4-pear                      4:4.4.0-4  PHP Extension and Application Repo
ii  php4-pear-log                  1.6.0-1.1  Log module for PEAR

-- no debconf information
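
A permission audit for the problem reported above, as an added example that is not part of the original report: it flags world-readable files that mention a password and shows one way to tighten them. Only the file path comes from the report; the 0640 mode, the www-data group and the grep pattern are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. CONF is the path the report names;
# the 0640 mode and the www-data group are assumptions about a suitable fix.
CONF="${CONF:-/etc/knowledgetree/environment.php}"
WEB_GROUP="${WEB_GROUP:-www-data}"

# True when the file is a regular file with the "other" read bit set.
is_world_readable() {
    [ -n "$(find "$1" -prune -type f -perm -004 2>/dev/null)" ]
}

# List world-readable files under a directory that mention a password.
# The pattern is a heuristic: it yields candidates for manual review,
# e.g. when auditing the config directories of related packages.
audit_dir() {
    find "$1" -type f -perm -004 \
        -exec grep -l -i -E 'passw(or)?d|db_?pass' {} + 2>/dev/null || true
}

# Hand the file to the web server's group and drop access for everyone else.
# $2 optionally overrides the group (name or numeric gid).
harden() {
    chgrp "${2:-$WEB_GROUP}" "$1" && chmod 640 "$1"
}

# Report only; nothing is modified unless harden is called explicitly.
if [ -e "$CONF" ]; then
    if is_world_readable "$CONF"; then
        echo "WORLD-READABLE: $CONF"
    else
        echo "ok: $CONF"
    fi
fi
```

Run `audit_dir /etc` as root to review other packages' configuration files, and call `harden` only on files the web server alone needs to read.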