Bug#803161: mailman: /var/log/mailman/* world-readable by default, leaking sensitive list information

2015-10-27 Thread Dominik George
Package: mailman
Version: 1:2.1.18-2
Severity: critical
Tags: security
Justification: root security hole
The log files of mailman, residing in /var/lib/mailman/log and in /var/log/mailman, and the log directory itself are created world-readable by default. This discloses sensitive information

Bug#803161: mailman: /var/log/mailman/* world-readable by default, leaking sensitive list information

2015-10-27 Thread Florian Weimer
severity 803161 normal
thanks
* Dominik George:
> Severity: critical
> Tags: security
> Justification: root security hole
>
> The log files of mailman, residing in /var/lib/mailman/log and in
> /var/log/mailman, and the log directory itself are created
> world-readable by default. This discloses

Bug#803161: [Pkg-mailman-hackers] Bug#803161: mailman: /var/log/mailman/* world-readable by default, leaking sensitive list information

2015-10-27 Thread Thorsten Glaser
On Tue, 27 Oct 2015, Dominik George wrote:
> >This issue can be considered a security vulnerability, but it is
> >certainly not a root security hole, hence lowering the severity.
> root (or another privileged system account), or *data normally
> accessible only by such accounts*“
By default, the

Bug#803161: mailman: /var/log/mailman/* world-readable by default, leaking sensitive list information

2015-10-27 Thread Dominik George
Hi,
>This issue can be considered a security vulnerability, but it is
>certainly not a root security hole, hence lowering the severity.
I actually think reportbug is very clear in that regard: „introduces a security hole allowing access to root (or another privileged system account), or *data