The upstream author is not willing to cooperate on fixing the reported bugs and considers Debian to be "too demanding". Still, the upstream disrespected the Debian Project (used swear-word). I'm not willing to fork his work nor maintain an ever growing patch to fix chetcpasswd security flaws.
Regards, Eriberto - Brazil 2006/10/21, Bas Zoetekouw <[EMAIL PROTECTED]>:
Subject: uses HTTP_X_FORWARDED_FOR for authentication (and other security holes) Package: chetcpasswd Version: 2.3.3-1 Severity: critical Tags: security
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
