secure testing announce - Feb 2007 - [SECURITY] [DTSA-32-1] New bcfg2 packages fix programming error

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Testing Security Advisory DTSA-32-1              February 1st, 2007
secure-testing-team@lists.alioth.debian.org                  Neil McGovern
http://secure-testing-master.debian.net/
- --------------------------------------------------------------------------

Package        : bcfg2
Vulnerability  : programming error
Problem-Scope  : local
Debian-specific: No
CVE ID         : None so far

Incorrect permissions for the bcfg2 configuration file could lead to password
disclosure to unprivileged users.

Please note that bcfg2 is not present in sarge.

For the testing distribution (etch) this is fixed in version
0.8.6.1-1.1etch1

For the unstable distribution (sid) this is fixed in version
0.8.7.3-1

This upgrade is recommended if you use bcfg2.

Upgrade Instructions
- --------------------

To use the Debian testing security archive, add the following lines to
your /etc/apt/sources.list:

deb http://security.debian.org/ testing/updates main contrib non-free
deb-src http://security.debian.org/ testing/updates main contrib non-free

To install the update, run this command as root:

apt-get update && apt-get install bcfg2

For further information about the Debian testing security team, please refer
to http://secure-testing-master.debian.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFwcSW97LBwbNFvdMRAsJLAKCEbRXb5+T/weHiiYvVaOJ86CDXNwCaAkne
jZpnX4JZ/shotwXrlbav9hg=l1OD
-----END PGP SIGNATURE-----

Vi takker for din henvendelse "[SECURITY] [DTSA-32-1] New bcfg2 packages
fix programming error".
Vi har registrert denne med f?lgende saksnummer:

    Saksnummer: 1702

Henvendelsen din vil bli behandlet fortl?pende av en saksbehandler hos oss, og
du vil f? svar s? snart som mulig.

Dersom du ?nsker ? legge til ytterligere kommentarer til henvendelsen din, s?
kan du svare p? denne e-post meldingen ved ? trykke Svar-knappen (Reply) i
mail-leseren din. Du m? da beholde subjekt-linjen slik at vi kan knytte
kommentaren til den opprinnelige henvendelsen din.
Du kan f?lge med p? status p? henvendelsen din via World Wide Web p? denne
Internett-adressen som vi har opprettet for din henvendelse:

http://support.coretrek.no/bin/customer?t=1702&u=420&p=Np4ElnK1Lx4yznQP2XsCWZwQKauHayT24zcBUoDadHbhQ34dJe9VWMyNFw%3D%3D

Vennligst ta vare p? saksnummeret dersom du henvender deg til oss, slik at vi
kan hjelpe deg s? snart som mulig.

Med vennlig hilsen
CoreTrek

-------------------------------------

English summary:
We thank you for your request "[SECURITY] [DTSA-32-1] New bcfg2 packages
fix programming error".
We have assigned it the following request number:

    Request number: 1702

Please include the request number in the subject line if you want to reply to
this mail. You can check the status on your request on the
following Internet adress:

http://support.coretrek.no/bin/customer?t=1702&u=420&p=Np4ElnK1Lx4yznQP2XsCWZwQKauHayT24zcBUoDadHbhQ34dJe9VWMyNFw%3D%3D

Best regards
CoreTrek

Hello,

Please whitelist this address from your auto-responses, as they reach a
mailing list.

Many thanks,
Neil McGovern

On Thu, Feb 01, 2007 at 01:37:01PM +0100, drift@coretrek.no
wrote:
> Vi takker for din henvendelse "[SECURITY] [DTSA-32-1] New bcfg2
packages fix programming error".
> Vi har registrert denne med f?lgende saksnummer:
> 
>     Saksnummer: 1702
> 
> Henvendelsen din vil bli behandlet fortl?pende av en saksbehandler hos oss,
og
> du vil f? svar s? snart som mulig.
> 
> Dersom du ?nsker ? legge til ytterligere kommentarer til henvendelsen din,
s?
> kan du svare p? denne e-post meldingen ved ? trykke Svar-knappen (Reply) i
> mail-leseren din. Du m? da beholde subjekt-linjen slik at vi kan knytte
> kommentaren til den opprinnelige henvendelsen din.
> Du kan f?lge med p? status p? henvendelsen din via World Wide Web p? denne
> Internett-adressen som vi har opprettet for din henvendelse:
> 
>
http://support.coretrek.no/bin/customer?t=1702&u=420&p=Np4ElnK1Lx4yznQP2XsCWZwQKauHayT24zcBUoDadHbhQ34dJe9VWMyNFw%3D%3D
> 
> Vennligst ta vare p? saksnummeret dersom du henvender deg til oss, slik at
vi
> kan hjelpe deg s? snart som mulig.
> 
> Med vennlig hilsen
> CoreTrek
> 
> -------------------------------------
> 
> English summary:
> We thank you for your request "[SECURITY] [DTSA-32-1] New bcfg2
packages fix programming error".
> We have assigned it the following request number:
> 
>     Request number: 1702
> 
> Please include the request number in the subject line if you want to reply
to
> this mail. You can check the status on your request on the
> following Internet adress:
> 
>
http://support.coretrek.no/bin/customer?t=1702&u=420&p=Np4ElnK1Lx4yznQP2XsCWZwQKauHayT24zcBUoDadHbhQ34dJe9VWMyNFw%3D%3D
> 
> Best regards
> CoreTrek
> 
> 
> 
> _______________________________________________
> Secure-testing-team mailing list
> Secure-testing-team@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
-- 
A. Because it breaks the logical sequence of discussion
Q. Why is top posting bad?
gpg key - http://www.halon.org.uk/pubkey.txt ; the.earth.li B345BDD3