reportbug includes sensitive information in report

Bug #13072 reported by Debian Bug Importer on 2005-02-18
Affects Status Importance Assigned to Milestone
reportbug (Debian)
Fix Released
Unknown
reportbug (Ubuntu)
High
Martin Pitt

Bug Description

Automatically imported from Debian bug report #295853 http://bugs.debian.org/295853

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Fri, 18 Feb 2005 15:50:14 +0100
From: Rolf Leggewie <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: reportbug includes sensitive information in report

Package: reportbug
Version: 3.2
Severity: grave
Tags: security
Justification: user security hole

Hi Chris,

as a follow-up to 295407 which you managed to fix in a whirl-wind
(kudos!), I'd like to say that reportbug still includes sensitive
information in a default report against reportbug (see the XXX below).
There might be other things it includes from .reportbugrc which are not
really meant to be stored in a publicly accessible BTS.

Best regards

Rolf Leggewie

-- Package-specific info:
** /home/leggewie/.reportbugrc:
reportbug_version "3.2"
mode standard
ui text
realname "Rolf Leggewie"
email "<email address hidden>"
smtphost "postman.arcor.de"
smtpuser "XXX"
smtppasswd "XXX"

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-1-586tsc
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages reportbug depends on:
ii python2.3 2.3.4-19 An interactive high-level object-o

-- no debconf information
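
Added example (not part of the bug report, and not a description of how reportbug 3.8 fixed the issue): one way to filter a .reportbugrc-style file before attaching it to a public report is to allowlist the settings that may be published and mask everything else, which also covers the "other things" the reporter worries about. The SAFE_KEYS set, the sanitize_rc name and the sample values are assumptions made for illustration.

```python
# Assumption: settings considered safe to publish; everything else is masked.
SAFE_KEYS = frozenset({"reportbug_version", "mode", "ui"})

# Constructed sample in the format shown in the report (all values made up).
SAMPLE_RC = '''\
# constructed sample, not a real configuration
reportbug_version "3.2"
mode standard
ui text
realname "Example User"
email "user@example.org"
smtphost "mail.example.org"
smtpuser "exampleuser"
smtppasswd "not-a-real-password"
'''


def sanitize_rc(text, safe_keys=SAFE_KEYS):
    """Return rc text with every setting outside safe_keys masked.

    Allowlisting means a setting added later, or one nobody thought of,
    is masked by default instead of leaking into a public bug tracker.
    """
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # drop blanks and comments; comments can hold secrets too
        parts = stripped.split(None, 1)
        key = parts[0]
        if key in safe_keys:
            out.append(stripped)
        elif len(parts) == 2:
            # Keep the setting name for diagnosis, never its value.
            out.append(key + " <redacted>")
        else:
            # Unknown bare token: it may itself be sensitive, so mask it whole.
            out.append("<redacted>")
    return "\n".join(out)


if __name__ == "__main__":
    print(sanitize_rc(SAMPLE_RC))
```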

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 18 Feb 2005 13:20:06 -0600
From: Chris Lawrence <email address hidden>
To: Rolf Leggewie <email address hidden>, <email address hidden>
Subject: Re: Bug#295853: reportbug includes sensitive information in report

These things are all fixed in unstable (version 3.8); I will see if
the release team will accept 3.8 into testing.

On Fri, 18 Feb 2005 15:50:14 +0100, Rolf Leggewie
<email address hidden> wrote:
> Package: reportbug
> Version: 3.2
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi Chris,
>
> as a follow-up to 295407 which you managed to fix in a whirl-wind
> (kudos!), I'd like to say that reportbug still includes sensitive
> information in a default report against reportbug (see the XXX below).
> There might be other things it includes from .reportbugrc which are not
> really meant to be stored in a publicly accessible BTS.
>
> Best regards
>
> Rolf Leggewie
>
> -- Package-specific info:
> ** /home/leggewie/.reportbugrc:
> reportbug_version "3.2"
> mode standard
> ui text
> realname "Rolf Leggewie"
> email "<email address hidden>"
> smtphost "postman.arcor.de"
> smtpuser "XXX"
> smtppasswd "XXX"
>
> -- System Information:
> Debian Release: 3.1
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.4.27-1-586tsc
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
>
> Versions of packages reportbug depends on:
> ii python2.3 2.3.4-19 An interactive high-level object-o
>
> -- no debconf information
>
>

--
Chris Lawrence - http://blog.lordsutch.com/

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 18 Feb 2005 13:38:48 -0600
From: Chris Lawrence <email address hidden>
To: <email address hidden>
Subject: tag

tag 295853 +sarge
thanks
--
Chris Lawrence <email address hidden> - http://blog.lordsutch.com/

Debian Bug Importer (debzilla) wrote :

Message-Id: <email address hidden>
Date: Sat, 19 Feb 2005 17:01:29 +0100
From: Rolf Leggewie <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: reportbug: Well done!

Package: reportbug
Version: 3.2
Followup-For: Bug #295853

Chris, good to hear. From the Changelog I got the impression that this
issue still had not been addressed.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Sat, 19 Feb 2005 15:51:23 -0600
From: Chris Lawrence <email address hidden>
To: <email address hidden>
Subject: Re: Bug#295853: reportbug: Well done!

On Sat, 19 Feb 2005 17:01:29 +0100, Rolf Leggewie
<email address hidden> wrote:
> Chris, good to hear. From the Changelog I got the impression that this
> issue still had not been addressed.

3.8 is installed in sarge as of today; closing this report.

CNL
--
Chris Lawrence - http://blog.lordsutch.com/

Martin Pitt (pitti) wrote :

Already fixed in Hoary, fixed Warty in USN-88-1.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Wed, 2 Mar 2005 17:38:48 +0900
From: Horms <email address hidden>
To: <email address hidden>
Subject: reportbug includes sensitive information in report

Should this bug be closed? The log against the bug suggests it should
be, but it seems to still be open.

--
Horms

Debian Bug Importer (debzilla) wrote :

Message-ID: <20050302133506.GB26791@andromeda>
Date: Wed, 2 Mar 2005 08:35:06 -0500
From: Justin Pryzby <email address hidden>
To: Horms <email address hidden>, <email address hidden>
Subject: Re: Bug#295853: reportbug includes sensitive information in report

It's closed; Chris's message on Feb 19 was to:
<email address hidden>, which caused it to be marked as "Done".
See also the "done" tag, up top.

Justin

On Wed, Mar 02, 2005 at 05:38:48PM +0900, Horms wrote:
> Should this bug be closed? The log against the bug suggests it should
> be, but it seems to still be open.

Debian Bug Importer (debzilla) wrote :

Message-ID: <email address hidden>
Date: Fri, 4 Mar 2005 13:49:39 +0900
From: Horms <email address hidden>
To: Justin Pryzby <email address hidden>
Cc: Horms <email address hidden>, <email address hidden>
Subject: Re: Bug#295853: reportbug includes sensitive information in report

On Wed, Mar 02, 2005 at 08:35:06AM -0500, Justin Pryzby wrote:
> It's closed; Chris's message on Feb 19 was to:
> <email address hidden>, which caused it to be marked as "Done".
> See also the "done" tag, up top.

Sorry for the noise, I must have been half asleep when I read it.

--
Horms

Changed in reportbug:
status: Unknown → Fix Released