reassign 305142 debian-installer thanks On Mon, Apr 18, 2005 at 10:06:07AM +0200, Alexander Mader wrote: > Package: apt > Version: 0.5.28.1 > Severity: grave > Tags: security > Justification: user security hole > > During install apt.conf is written; including proxy configuration if > needed. The Proxy string is stored in apt.conf but permissions allow > group and others to read apt.conf hence to get the proxy password which > could even be a real users password.
This issue belongs to whichever installer component creates the file. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]