Comment 2 for bug 12955

Message-Id: <email address hidden>
Date: Tue, 15 Feb 2005 11:53:16 +0100
From: Rolf Leggewie <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: reportbug: config files are world readable

Package: reportbug
Version: 3.2
Severity: grave
Justification: user security hole

The conf files for reportbug are created world-readable. For users of
smart-hosts this represents a security hole since it exposes their
passwords on that host for any local user to pick up. Heck, reportbug
even included that information in this bug report before I deleted it.

-- Package-specific info:
** /home/leggewie/.reportbugrc:
reportbug_version "3.2"
mode standard
ui text
realname "Rolf Leggewie"
email "<email address hidden>"
smtphost "postman.arcor.de"

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-586tsc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages reportbug depends on:
ii python2.3 2.3.4-19 An interactive high-level object-o

-- no debconf information