Opfer noticed that vpnc.conf is installed with 0644 permissions; it definitely should not be, as it contains sensitive data.

# cat vpnc.conf
IPSec gateway 131.246.118.240
IPSec ID unikl
IPSec secret unikl
Xauth username abcdef
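A check for the condition reported above, as an added example that is not part of the original bug report or of vpnc: it flags a vpnc-style config that holds credential lines while being readable by group or other, then restricts it to the owner. The function names, the sample file and its values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vpnc-style config for secrets exposed by file mode.

# Return 0 if FILE holds a credential line (keys as used in vpnc.conf).
has_secret() {
    grep -Eiq '^[[:space:]]*(IPSec (obfuscated )?secret|Xauth (obfuscated )?password)[[:space:]]' "$1"
}

# Return 0 if FILE is readable by group or other (POSIX find -perm test).
is_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# 0 = fine, 1 = secrets readable beyond the owner, 2 = file missing.
audit_conf() {
    [ -f "$1" ] || return 2
    if has_secret "$1" && is_exposed "$1"; then
        return 1
    fi
    return 0
}

# Restrict the file to its owner (0600).
harden_conf() {
    chmod 600 "$1"
}

# Constructed sample config; the values are placeholders, not real credentials.
demo_dir=$(mktemp -d)
demo_conf="$demo_dir/vpnc.conf"
cat > "$demo_conf" <<'EOF'
IPSec gateway 192.0.2.10
IPSec ID example-group
IPSec secret example-secret
Xauth username alice
EOF
chmod 644 "$demo_conf"

rc=0; audit_conf "$demo_conf" || rc=$?
echo "before hardening: audit_conf returned $rc"
harden_conf "$demo_conf"
rc=0; audit_conf "$demo_conf" || rc=$?
echo "after hardening: audit_conf returned $rc"
```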
Indeed
hanno has sent a patch upstream, we wait for integration.
Now 0.4.0 is in and I'd like to soon remove all older versions. Security, do you think this is worth an advisory? It's imho no real security flaw, just bad defaults.
Archs, please mark stable vpnc-0.4.0 so we can get rid of the svn-snapshot ebuilds.
x86 stable
ppc64 stable
(In reply to comment #3)
> Security, do you think this is worth an advisory? It's imho no real security
> flaw, just bad defaults.

probably no
ppc stable
amd64 stable
undecided... tend to vote no, though the account used for my uni's vpn is the same as for mail etc., so it might contain pretty sensitive information
yet another no
(In reply to comment #11)
> yet another no

i agree