Bug#337624: All local users can view the webcalendar password from the debconf info
Package: webcalendar
Version: 0.9.45-7
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Every local user can view the password with this command:
debconf-get-selections | grep webcalendar/conf/db_password
The passwords for cacti and slapd are properly hidden, so this is
probaly not a misconfiguration.
- -- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-11-amd64-k8
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages webcalendar depends on:
ii apache [httpd] 1.3.33-8 versatile, high-performance HTTP s
ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy
ii php4 4:4.4.0-2 server-side, HTML-embedded scripti
ii php4-cli 4:4.4.0-2 command-line interpreter for the p
ii php4-mysql 4:4.4.0-2 MySQL module for php4
Versions of packages webcalendar recommends:
ii mysql-server 4.0.24-10 mysql database server binaries
- -- debconf information excluded
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD4DBQFDbJzRSTv4ppQVDnwRAuH6AJiMRkoUzQXqhmF1C9u8WNYTh2z1AKCnXZRO
SLVnuhznFmK3S7hhe6WJuA==
=Gj0M
-----END PGP SIGNATURE-----
Reply to: