Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu Dear Release Team, #831813 is an rc-bug in nullmailer, which, for some configurations, keeps username/passwords in the debconf db. I've fixed this in unstable as an NMU; Security has suggested doing the same for jessie in a point release. Debdiff attached. Cheers, -- ,''`. Christian Hofstaedtler <zeha@debian.org> : :' : Debian Developer `. `' 7D1A CFFA D9E0 806C 9C4C D392 5C13 D6DB 9305 2E03 `-
diff -Nru nullmailer-1.13/debian/changelog nullmailer-1.13/debian/changelog --- nullmailer-1.13/debian/changelog 2014-08-08 00:19:32.000000000 +0000 +++ nullmailer-1.13/debian/changelog 2016-08-06 17:38:32.000000000 +0000 @@ -1,3 +1,12 @@ +nullmailer (1:1.13-1+deb8u1) jessie; urgency=medium + + * Non-maintainer upload. + * Do not keep relayhost data in debconf database longer than + strictly needed. (Closes: #831813) + Backport of 1:1.13-1.2 from unstable. + + -- Christian Hofstaedtler <zeha@debian.org> Sat, 06 Aug 2016 17:36:35 +0000 + nullmailer (1:1.13-1) unstable; urgency=low * Ack NMU, thankyou for your help with this package. diff -Nru nullmailer-1.13/debian/postinst nullmailer-1.13/debian/postinst --- nullmailer-1.13/debian/postinst 2012-08-21 08:07:21.000000000 +0000 +++ nullmailer-1.13/debian/postinst 2016-08-06 17:35:13.000000000 +0000 @@ -37,6 +37,8 @@ -e 's/[[:space:]]*:[[:space:]]*/\n/g' \ -e ':b s/(\[[^]=]*)=/\1:/; tb' \ -e 's/[][]//g' > /etc/nullmailer/remotes + # zap debconf entry, as this key may contain sensitive data. + db_set nullmailer/relayhost "" db_get nullmailer/adminaddr if [ "$RET" ]; then
Attachment:
signature.asc
Description: PGP signature