Devuan bug report logs - #143
bugs.devuan.org sends queries for bug numbers etc. unencrypted

Package: reportbug; Maintainer for reportbug is Mark Hindley <mark@hindley.org.uk>; Source for reportbug is src:reportbug.

Reported by: Jens Korte <korte@mailbox.org>

Date: Thu, 14 Sep 2017 20:18:01 UTC

Severity: normal

Tags: ascii, jessie

Done: Mark Hindley <mark@hindley.org.uk>

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#143: bugs.devuan.org sends queries for bug numbers etc. unencrypted
Reply-To: Jens Korte <korte@mailbox.org>, 143@bugs.devuan.org
Resent-From: Jens Korte <korte@mailbox.org>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: KatolaZ <katolaz@freaknet.org>
Resent-Date: Thu, 14 Sep 2017 20:18:01 UTC
Resent-Message-ID: <handler.143.B.150541980323882@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: report 143
X-Devuan-PR-Package: reportbug
X-Devuan-PR-Keywords: 
Received: via spool by submit@bugs.devuan.org id=B.150541980323882
          (code B ref -1); Thu, 14 Sep 2017 20:18:01 UTC
Received: (at submit) by bugs.devuan.org; 14 Sep 2017 20:10:03 +0000
Delivered-To: devuanbugs@dyne.org
Received: from mail.dyne.org [178.62.188.7]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Thu, 14 Sep 2017 22:10:03 +0200 (CEST)
Received: from mx1.mailbox.org (mx1.mailbox.org [80.241.60.212])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by tupac2.dyne.org (Postfix) with ESMTPS id 185FE190B59
	for <submit@bugs.devuan.org>; Thu, 14 Sep 2017 20:03:26 +0000 (UTC)
Authentication-Results: tupac2.dyne.org; dkim=pass
	reason="2048-bit key; unprotected key"
	header.d=mailbox.org header.i=@mailbox.org header.b=m7yKsqE+;
	dkim-adsp=pass; dkim-atps=neutral
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mx1.mailbox.org (Postfix) with ESMTPS id CE35543D08
	for <submit@bugs.devuan.org>; Thu, 14 Sep 2017 22:03:25 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailbox.org; h=
	content-transfer-encoding:content-type:content-type:mime-version
	:message-id:subject:subject:from:from:date:date:received; s=
	mail20150812; t=1505419404; bh=ehiHoQfLRB1mv8gmcoOKrd57kZA9AOiZW
	wI1JWeFesM=; b=m7yKsqE+ABwCWZkLW0pfKW1+3FrVokhiScN4g904PjwVVEL2d
	ehgAPDVQt4fkt75f87pFTLExb/5YlPYOrW7vxestM3IoRIFYVR5QQGw1mqLKNqaQ
	DUTI56oawgnwA44hdnjqZtV8recATqu36qAS+Yn0EGyq1QvkWUQrePO9wch2HLiG
	Wb9tG4gUdPbt++fgOfKrZsIusNcxPz78G7UOFiWbBaxFqjTRZTL6RkW/e/d44VRa
	4AA3IueyGm3nE3pG/qKW7K1Pir00iL6f4jaICuLC1w+hmQew+gIQMHkVOsn/wH2M
	8Wl4CPzSisRVWFXodNYpA21mcrNJmUh4efmRQ==
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240])
	by spamfilter03.heinlein-hosting.de (spamfilter03.heinlein-hosting.de [80.241.56.117]) (amavisd-new, port 10030)
	with ESMTP id Pylebhhbl9RG for <submit@bugs.devuan.org>;
	Thu, 14 Sep 2017 22:03:24 +0200 (CEST)
Date: Thu, 14 Sep 2017 22:02:48 +0200
From: Jens Korte <korte@mailbox.org>
To: submit@bugs.devuan.org
Message-ID: <20170914220248.03a899d8@j>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_PASS autolearn=disabled
	version=3.4.0
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on tupac2
package: reportbug
version: 0.42

This is not a bug in reportbug, I just know no better place to report
it.

If I enter a bug number e.g. 140 to https://bugs.devuan.org/ firefox
reports me, that the content is sent unecrypted, though I used https.
In the source of the page there is <form method="get"
action="http://bugs.devuan.org//cgi/bugreport.cgi">.

AFAIK the http://bugs.devuan.org/ should be remove
and /cgi/bugreport.cgi is enough. If you really want to, you can
enforce the usage of https by replacing http with https. There is
another line, where a get request with http is used.


Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri Mar 29 13:35:06 2024;