[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#337624: All local users can view the webcalendar password from the debconf info



Package: webcalendar
Version: 0.9.45-7
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Every local user can view the password with this command:
debconf-get-selections | grep webcalendar/conf/db_password

The passwords for cacti and slapd are properly hidden, so this is
probaly not a misconfiguration.

- -- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-11-amd64-k8
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages webcalendar depends on:
ii  apache [httpd]                1.3.33-8   versatile, high-performance HTTP s
ii  debconf [debconf-2.0]         1.4.58     Debian configuration management sy
ii  php4                          4:4.4.0-2  server-side, HTML-embedded scripti
ii  php4-cli                      4:4.4.0-2  command-line interpreter for the p
ii  php4-mysql                    4:4.4.0-2  MySQL module for php4

Versions of packages webcalendar recommends:
ii  mysql-server                  4.0.24-10  mysql database server binaries

- -- debconf information excluded

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD4DBQFDbJzRSTv4ppQVDnwRAuH6AJiMRkoUzQXqhmF1C9u8WNYTh2z1AKCnXZRO
SLVnuhznFmK3S7hhe6WJuA==
=Gj0M
-----END PGP SIGNATURE-----



Reply to: