Bug#337830: marked as forwarded (Security problem in kphone)
Debian Bug Tracking System
owner at bugs.debian.org
Sun Nov 6 22:48:14 UTC 2005
Your message dated Sun, 6 Nov 2005 22:34:29 +0000
with message-id <200511062234.30322.msp at debian.org>
has caused the Debian Bug report #337830,
regarding Security problem in kphone
to be marked as having been forwarded to the upstream software
author(s) kphone-devel at lists.sourceforge.net, kphone at wirlab.net.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
---------------------------------------
Received: (at 337830-forwarded) by bugs.debian.org; 6 Nov 2005 22:34:48 +0000
>From msp at debian.org Sun Nov 06 14:34:48 2005
Return-path: <msp at debian.org>
Received: from 88-109-1-15.dynamic.dsl.as9105.com (bristol.purcell.id.au) [88.109.1.15] (Debian-exim)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EYt68-0005Wr-00; Sun, 06 Nov 2005 14:34:48 -0800
Received: from [192.168.3.149] (helo=dell.purcell.id.au)
by bristol.purcell.id.au with esmtp (Exim 4.52)
id 1EYt5y-0002aY-9m; Sun, 06 Nov 2005 22:34:42 +0000
Received: from mark by dell.purcell.id.au with local (Exim 4.54)
id 1EYt5q-00024t-Cs; Sun, 06 Nov 2005 22:34:30 +0000
Content-Length: 1015
From: Mark Purcell <msp at debian.org>
Organization: Debian GNU Linux
To: kphone-devel at lists.sourceforge.net,
kphone at wirlab.net
Date: Sun, 6 Nov 2005 22:34:29 +0000
User-Agent: KMail/1.8.2
Cc: 337830-forwarded at bugs.debian.org,
Sven Dreyer <sven at dreyer-net.de>
Disposition-Notification-To: Mark Purcell <msp at debian.org>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-15"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200511062234.30322.msp at debian.org>
X-SA-Exim-Connect-IP: 192.168.3.149
X-SA-Exim-Rcpt-To: kphone-devel at lists.sourceforge.net, kphone at wirlab.net, 337830-forwarded at bugs.debian.org, sven at dreyer-net.de
X-SA-Exim-Mail-From: msp at debian.org
Subject: Fwd: Bug#337830: Security problem in kphone
X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
X-SA-Exim-Scanned: Yes (on bristol.purcell.id.au)
Delivered-To: 337830-forwarded at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER,
HAS_PACKAGE autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Hey kphone-devel,
Find enclosed a security bug report about kphone from a Debian user.
This and other kphone issues in Debian can be found at
http://bugs.debian.org/kphone.
Mark
---------- Forwarded Message ----------
Subject: Bug#337830: Security problem in kphone
Date: Sunday 06 November 2005 19:11
From: Sven Dreyer <sven at dreyer-net.de>
To: submit at bugs.debian.org
Package: kphone
Version: 4.2-3
Severity: serious
I think I have found a security flaw in kphone:
it creates ~/.qt/kphonerc world-readable! This file contains the user's
SIP-password and so on, so I guess this is a bad thing, because the
~/.qt dir itself is by default also readable by everybody.
I removed the whole ~/.qt dir and restarted kphone: same behaviour.
Regards,
Sven
_______________________________________________
Pkg-voip-maintainers mailing list
Pkg-voip-maintainers at lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-voip-maintainers
-------------------------------------------------------
More information about the Pkg-voip-maintainers
mailing list