Format: 1.7
Date: Mon, 13 Sep 2004 16:32:07 -0400
Source: usermin
Binary: usermin-commands usermin-postgresql usermin-procmail usermin-gnupg usermin-cshrc usermin-mysql usermin-ssh usermin-usermount usermin-tunnel usermin-mailbox usermin-spamassassin usermin-quota usermin-proc usermin-updown usermin-htaccess usermin-cron usermin-plan usermin usermin-forward usermin-at usermin-chfn usermin-shell usermin-fetchmail usermin-man usermin-htpasswd usermin-changepass
Architecture: source all
Version: 1.090-1
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Jaldhar H. Vyas <jaldhar@debian.org>
Description:
 usermin    - A web interface for user tasks
 usermin-at - An at(1) module for the usermin web-based administration tool
 usermin-changepass - A password module for the usermin web-based administration tool
 usermin-chfn - A user details module for the usermin web-based admin tool
 usermin-commands - A custom commands module for the usermin web-based admin tool
 usermin-cron - A cron module for the usermin web-based administration tool
 usermin-cshrc - A .cshrc module for the usermin web-based administration tool
 usermin-fetchmail - A fetchmail module for the usermin web-based administration tool
 usermin-forward - A .forward module for the usermin web-based administration tool
 usermin-gnupg - A GnuPG module for the usermin web-based administration tool
 usermin-htaccess - An htaccess config module for the usermin web-based admin tool
 usermin-htpasswd - An htpasswd config module for the usermin web-based admin tool
 usermin-mailbox - A mailbox module for the usermin web-based administration tool
 usermin-man - A man module for the usermin web-based administration tool
 usermin-mysql - A mysql module for the usermin web-based administration tool
 usermin-plan - A .plan module for the usermin web-based administration tool
 usermin-postgresql - A postgresql module for the usermin web-based administration tool
 usermin-proc - A process module for the usermin web-based administration tool
 usermin-procmail - A procmail module for the usermin web-based administration tool
 usermin-quota - A quota module for the usermin web-based administration tool
 usermin-shell - A command shell for the usermin web-based administration tool
 usermin-spamassassin - Spamassassin module for the usermin web-based administration tool
 usermin-ssh - An SSH module for the usermin web-based administration tool
 usermin-tunnel - An HTTP tunnel module for the usermin web-based admin tool
 usermin-updown - A file transfer module for the usermin web-based admin tool
 usermin-usermount - A file system mount module for the usermin web-based admin tool
Closes: 237541 253890 271252
Changes:
 usermin (1.090-1) unstable; urgency=high
 .
   * New upstream version.
   * [SECURITY] This version fixes the following security problems:
     CAN-2004-0559 A security hole in the maketemp.pl script, used to create
     the /tmp/.usermin directory at install time. If an un-trusted user
     creates this directory before usermin is installed, he could create in
     it a symbolic link pointing to a critical file on the system, which
     would be overwritten when usermin writes to the link filename.
 .
     (CAN-2004-0588) SNS Advisory No.77 "Usermin Remote Arbitrary Shell
     Command Execution Vulnerability" - A vulnerability in Usermin's Web mail
     function could result in arbitrary OS command execution upon viewing a
     specially crafted HTML mail.
 .
     Also just for the record, 1.080-1 had fixed: SNS Advisory No.73
     "Usermin Cross-site Scripting Vulnerability" and (CAN-2004-0583) SNS
     Advisory No.75 "Webmin/Usermin Account Lockout Bypass Vulnerability"
 .
     (Closes: #271252, #253890)
   * Made usermin-procs config world readable so that usermin-gnupg works
     properly. Thanks to Jochen Pawletta for his work on solving this.
     (Closes: #237541)
   * Add a note to README.Debian documenting that usermin modules are
     disabled by default. You need to use webmin-usermin to enable them with
     access controls to your satisfaction.
   * usermin package now recommends webmin-usermin
   * orphaned.

Accepted:
usermin-at_1.090-1_all.deb
  to pool/main/u/usermin/usermin-at_1.090-1_all.deb
usermin-changepass_1.090-1_all.deb
  to pool/main/u/usermin/usermin-changepass_1.090-1_all.deb
usermin-chfn_1.090-1_all.deb
  to pool/main/u/usermin/usermin-chfn_1.090-1_all.deb
usermin-commands_1.090-1_all.deb
  to pool/main/u/usermin/usermin-commands_1.090-1_all.deb
usermin-cron_1.090-1_all.deb
  to pool/main/u/usermin/usermin-cron_1.090-1_all.deb
usermin-cshrc_1.090-1_all.deb
  to pool/main/u/usermin/usermin-cshrc_1.090-1_all.deb
usermin-fetchmail_1.090-1_all.deb
  to pool/main/u/usermin/usermin-fetchmail_1.090-1_all.deb
usermin-forward_1.090-1_all.deb
  to pool/main/u/usermin/usermin-forward_1.090-1_all.deb
usermin-gnupg_1.090-1_all.deb
  to pool/main/u/usermin/usermin-gnupg_1.090-1_all.deb
usermin-htaccess_1.090-1_all.deb
  to pool/main/u/usermin/usermin-htaccess_1.090-1_all.deb
usermin-htpasswd_1.090-1_all.deb
  to pool/main/u/usermin/usermin-htpasswd_1.090-1_all.deb
usermin-mailbox_1.090-1_all.deb
  to pool/main/u/usermin/usermin-mailbox_1.090-1_all.deb
usermin-man_1.090-1_all.deb
  to pool/main/u/usermin/usermin-man_1.090-1_all.deb
usermin-mysql_1.090-1_all.deb
  to pool/main/u/usermin/usermin-mysql_1.090-1_all.deb
usermin-plan_1.090-1_all.deb
  to pool/main/u/usermin/usermin-plan_1.090-1_all.deb
usermin-postgresql_1.090-1_all.deb
  to pool/main/u/usermin/usermin-postgresql_1.090-1_all.deb
usermin-proc_1.090-1_all.deb
  to pool/main/u/usermin/usermin-proc_1.090-1_all.deb
usermin-procmail_1.090-1_all.deb
  to pool/main/u/usermin/usermin-procmail_1.090-1_all.deb
usermin-quota_1.090-1_all.deb
  to pool/main/u/usermin/usermin-quota_1.090-1_all.deb
usermin-shell_1.090-1_all.deb
  to pool/main/u/usermin/usermin-shell_1.090-1_all.deb
usermin-spamassassin_1.090-1_all.deb
  to pool/main/u/usermin/usermin-spamassassin_1.090-1_all.deb
usermin-ssh_1.090-1_all.deb
  to pool/main/u/usermin/usermin-ssh_1.090-1_all.deb
usermin-tunnel_1.090-1_all.deb
  to pool/main/u/usermin/usermin-tunnel_1.090-1_all.deb
usermin-updown_1.090-1_all.deb
  to pool/main/u/usermin/usermin-updown_1.090-1_all.deb
usermin-usermount_1.090-1_all.deb
  to pool/main/u/usermin/usermin-usermount_1.090-1_all.deb
usermin_1.090-1.diff.gz
  to pool/main/u/usermin/usermin_1.090-1.diff.gz
usermin_1.090-1.dsc
  to pool/main/u/usermin/usermin_1.090-1.dsc
usermin_1.090-1_all.deb
  to pool/main/u/usermin/usermin_1.090-1_all.deb
usermin_1.090.orig.tar.gz
  to pool/main/u/usermin/usermin_1.090.orig.tar.gz