[Pkg-sympa-devel] Bug#639911: Wrong setuid on sympa_soap_server.fcgi
Debian BTS
debbugs at busoni.debian.org
Wed Aug 31 15:03:04 UTC 2011
/usr/lib/cgi-bin/sympa_soap_server.fcgi should not be setuid because
it is wrapped through sympa_soap_server-wrapper.fcgi to do this.
Reply-To: Christian Bac <christian.bac at it-sudparis.eu>, 639911 at bugs.debian.org
Resent-From: Christian Bac <christian.bac at it-sudparis.eu>
Resent-To: debian-bugs-dist at lists.debian.org
Resent-CC: Debian Sympa team <pkg-sympa-devel at lists.alioth.debian.org>
X-Loop: owner at bugs.debian.org
Resent-Date: Wed, 31 Aug 2011 15:03:01 +0000
Resent-Message-ID: <handler.639911.B.131480287331301 at bugs.debian.org>
Resent-Sender: owner at bugs.debian.org
X-Debian-PR-Message: report 639911
X-Debian-PR-Package: sympa
X-Debian-PR-Keywords: sid squeeze
X-Debian-PR-Source: sympa
Received: via spool by submit at bugs.debian.org id=B.131480287331301
(code B ref -1); Wed, 31 Aug 2011 15:03:01 +0000
Received: (at submit) by bugs.debian.org; 31 Aug 2011 15:01:13 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.1-bugs.debian.org_2005_01_02
(2010-03-16) on busoni.debian.org
X-Spam-Level:
X-Spam-Status: No, score=-11.9 required=4.0 tests=BAYES_00,FOURLA,HAS_PACKAGE,
XMAILER_REPORTBUG autolearn=ham version=3.3.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 19; hammy, 151; neutral, 427; spammy,
0. spammytokens: hammytokens:0.000-+--H*M:reportbug, 0.000-+--H*MI:reportbug,
0.000-+--H*x:reportbug, 0.000-+--H*UA:reportbug, 0.000-+--listmaster
Received: from smtp5.int-evry.fr ([157.159.10.72])
by busoni.debian.org with esmtp (Exim 4.72)
(envelope-from <christian.bac at it-sudparis.eu>)
id 1QymHw-000887-Jw
for submit at bugs.debian.org; Wed, 31 Aug 2011 15:01:13 +0000
Received: from smtp1.it-sudparis.eu (smtp1.int-evry.fr [157.159.10.46])
by smtp5.int-evry.fr (Postfix) with ESMTP id E0E56933347E
for <submit at bugs.debian.org>; Wed, 31 Aug 2011 17:01:03 +0200 (CEST)
Received: from ff51.localdomain (ardoisier.int-evry.fr [157.159.110.110])
by smtp1.it-sudparis.eu (Postfix) with ESMTP id 9C0B322181EB;
Wed, 31 Aug 2011 17:00:59 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Christian Bac <christian.bac at it-sudparis.eu>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Message-ID: <20110831150058.2821.81536.reportbug at ff51.localdomain>
X-Mailer: reportbug 6.1
Date: Wed, 31 Aug 2011 17:00:58 +0200
X-INT-MailScanner-Information: Please contact the ISP for more information
X-INT-MailScanner-ID: 9C0B322181EB.A2D44
X-INT-MailScanner: Found to be clean
X-INT-MailScanner-SpamCheck:
X-INT-MailScanner-From: christian.bac at it-sudparis.eu
Delivered-To: submit at bugs.debian.org
Package: sympa
Version: 6.1.4~dfsg-1
Severity: important
Tags: squeeze sid
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.0.0-1-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages sympa depends on:
ii adduser 3.113 add and remove users and groups
ii dbconfig-common 1.8.47 common framework for packaging dat
ii debconf [debconf-2.0] 1.5.40 Debian configuration management sy
ii exim4-daemon-heavy [mail- 4.76-2 Exim MTA (v4) daemon with extended
ii libarchive-zip-perl 1.30-4 Perl module for manipulation of ZI
ii libc6 2.13-16 Embedded GNU C Library: Shared lib
ii libcgi-fast-perl 5.12.4-4 CGI::Fast Perl module
ii libdbd-mysql-perl 4.019-1 Perl5 database interface to the My
ii libdbd-pg-perl 2.18.1-1 Perl DBI driver for the PostgreSQL
ii libdbd-sqlite3-perl 1.33-1 Perl DBI driver with a self-contai
ii libdbd-sybase-perl 1.00-3+b5 Sybase/MS SQL database driver for
ii libdbi-perl 1.616-1+b1 Perl Database Interface (DBI)
ii libfcgi-perl 0.73-1 helper module for FastCGI
ii libfile-copy-recursive-pe 0.38-1 Perl extension for recursively cop
ii libhtml-format-perl 2.10-1 module for transforming HTML into
ii libhtml-stripscripts-pars 1.03-1 module to filter scripts out of HT
ii libhtml-tree-perl 4.2-1 Perl module to represent and creat
ii libintl-perl 1.20-1 Uniforum message translations syst
ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a
ii libmailtools-perl 2.08-1 Manipulate email in perl programs
ii libmime-charset-perl 1.009.1-1 module for MIME character set info
ii libmime-encwords-perl 1.012.3-1 Perl interface to deal with RFC 20
ii libmime-lite-html-perl 1.23-1 Transform HTML page into MIME emai
ii libmime-tools-perl 5.502-1 Perl5 modules for MIME-compliant m
ii libmsgcat-perl 1.03-5+b1 Locale::Msgcat perl module
ii libnet-ldap-perl 1:0.4001-2 client interface to LDAP servers
ii libnet-netmask-perl 1.9015-4 parse, manipulate and lookup IP ne
ii libregexp-common-perl 2011041701-1 module with common regular express
ii libtemplate-perl 2.22-0.1+b1 template processing system written
ii libterm-progressbar-perl 2.09-6 Perl module to print a progress ba
ii libunicode-linebreak-perl 0.0.20110501-1 UAX #14 Unicode Line Breaking Algo
ii libxml-libxml-perl 1.84+dfsg-1 Perl interface to the libxml2 libr
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
ii mhonarc 2.6.18-1 Mail to HTML converter
ii perl 5.12.4-4 Larry Wall's Practical Extraction
ii perl-modules [libcgi-pm-p 5.12.4-4 Core Perl modules
ii rsyslog [system-log-daemo 5.8.3-1 reliable system and kernel logging
ii sqlite3 3.7.7-2 Command line interface for SQLite
Versions of packages sympa recommends:
ii ca-certificates 20110502 Common CA certificates
ii doc-base 0.10.2 utilities to manage online documen
pn libapache2-mod-fastcgi <none> (no description available)
ii libcrypt-ciphersaber-perl 0.61-4 Perl module implementing CipherSab
ii libfile-nfslock-perl 1.21-1 perl module to do NFS (or not) loc
ii libio-socket-ssl-perl 1.43-1 Perl module implementing object or
ii libmail-dkim-perl 0.39-1 cryptographically identify the sen
ii libsoap-lite-perl 0.713-1 Perl implementation of a SOAP clie
ii locales 2.13-16 Embedded GNU C Library: National L
ii logrotate 3.7.8-6 Log rotation utility
ii postgresql 9.0.4-1 object-relational SQL database (su
Versions of packages sympa suggests:
ii apache2 2.2.19-1 Apache HTTP Server metapackage
ii apache2-mpm-prefork [httpd-cg 2.2.19-1 Apache HTTP Server - traditional n
ii libapache2-mod-fcgid 1:2.3.6-1 an alternative module compat with
pn libauthcas-perl <none> (no description available)
pn libdbd-oracle-perl <none> (no description available)
pn libtext-linefold-perl <none> (no description available)
pn libtext-wrap-perl <none> (no description available)
ii openssl 1.0.0d-3 Secure Socket Layer (SSL) binary a
-- Configuration Files:
/etc/sympa/sympa.conf-smime.in [Errno 13] Permission denied: u'/etc/sympa/sympa.conf-smime.in'
-- debconf information:
* sympa/dbconfig-install: true
sympa/remote/newhost:
* sympa/listmaster: listmaster at ff51.local
* wwsympa/wwsympa_url: http://ff51.local/wws
* wwsympa/webserver_restart: true
sympa/remote/port:
sympa/pgsql/manualconf:
sympa/upgrade-backup: true
sympa/pgsql/changeconf: false
* sympa/hostname: ff51.local
* sympa/pgsql/authmethod-user: ident
sympa/dbconfig-upgrade: true
* sympa/use_soap: true
sympa/db/dbname: sympa
sympa/internal/skip-preseed: true
* sympa/database-type: pgsql
sympa/db/basepath:
sympa/remote/host:
* wwsympa/fastcgi: true
sympa/internal/reconfiguring: false
sympa/db/app-user: sympa
sympa/purge: false
sympa/remove-error: abort
* wwsympa/webserver_type: Apache 2
sympa/mysql/admin-user: root
sympa/dbconfig-remove:
sympa/mysql/method: unix socket
sympa/dbconfig-reinstall: false
sympa/pgsql/admin-user: postgres
sympa/upgrade-error: abort
* sympa/language: en_US
sympa/pgsql/method: unix socket
sympa/install-error: abort
sympa/pgsql/no-empty-passwords:
sympa/pgsql/authmethod-admin: ident
* wwsympa/remove_spool: false
sympa/passwords-do-not-match:
sympa/missing-db-package-error: abort
sympa/remove_spool: false
More information about the Pkg-sympa-devel
mailing list