-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package: pinentry-gtk2 Version: 0.9.6-2 Severity: grave
In newest version, pinentry is displaying password when typing. (It is displaying the last letter but a observer can easily read the password.) That is a big security issue that renders pinentry completely unusable in any environment where one is not alone sitting in a dark cabin. When working in a big office, that is insane! Please revert that recent change back to the secure way of just displaying dots. - -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (800, 'unstable'), (500, 'testing'), (110, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.0.7 (SMP w/8 CPU cores) Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages pinentry-gtk2 depends on: ii libassuan0 2.3.0-1 ii libc6 2.19-22 ii libglib2.0-0 2.46.0-2 ii libgpg-error0 1.20-1 ii libgtk2.0-0 2.24.28-1 ii libncursesw5 6.0+20150810-1 ii libsecret-1-0 0.18.3-1 ii libtinfo5 6.0+20150810-1 pinentry-gtk2 recommends no packages. Versions of packages pinentry-gtk2 suggests: ii pinentry-doc 0.9.6-2 - -- no debconf information - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQGcBAEBCgAGBQJWHhzaAAoJEKZ8CrGAGfasJo0L/jH9Uf5x+qUagHhM0noEAu7r eOZbe6oEGiPZEIdnQW6F+ndCYW35V57dm0H/X5aHIbBzmJ7e2vR6LCnfmMjQnbT3 FW4WiBU1t2D/8yucUD+PdlbqdKJoCjfW23SRvlL1d0/wa/Qb++rdkJyZqIYgWEjH 7OzY1uLlMJo0bTCYRwq2U+0h3Nj024oSktxpi84L8FZjy8kpfbEDClkT4fRUeDKq ly/O7DsEPB3jUBGD8uUvoQZvoDj4eyGe5lTfb0gFLhuq4WrJVKN+r0p0Ysd0FVsE xqeiicvZDVxXtIDYWG7XbL9FQ8hTOAdXKkuAFyOWF/PTv9fkQ+fviSSruxS6Urck oVYOGKYnDp83KxFBUR5iCV9NqtUW6WBXHQS47irvF7eR/i+eJE1NR3zj1lT5VY/z 1BrAbXT5KbUG1Lb1UAl7+fHiPh9mvOv1Mr5jPvL8EtpI5Lhx298bZMKxErqu5yMA nj7gekhyrVG6n9cDBR0Dn3lcaTAWdDo6s5p1hTFaAA== =w367 -----END PGP SIGNATURE-----