On Sun, December 28, 2008 12:41, Aurelien Jarno wrote: > To honest, while I agree it is a real problem, I found strange it is > considered as a security problem with a CVE entry. Note also this problem > does not occurs for the initial setting of the password, but only when > changing it.
Yes, in my opinion it borders on a non-issue, but stictly speaking it's less secure than intended so that qualifies for a CVE name. But still, if we can fix it for lenny, we should. > Given we now have a CVE entry, I'll fix the bug in lenny/unstable. For > the experimental version, I am closing the bug for the experimental > version, as it is a SVN snapshot and the bug has already been fixed for > some days upstream. Great, thanks. Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
