Hi, I uploaded an NMU of your package.
Please see this as help to get the package into a releaseable condition for etch. Please find the used diff below. Cheers, Andi diff -Nur ../ssmtp-2.61~/debian/changelog ../ssmtp-2.61/debian/changelog --- ../ssmtp-2.61~/debian/changelog 2006-12-02 15:29:00.000000000 +0000 +++ ../ssmtp-2.61/debian/changelog 2006-12-04 11:06:09.000000000 +0000 @@ -1,3 +1,11 @@ +ssmtp (2.61-10.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix Information leak in ssmtp that leads to password exposure. + Closes: #369542 + + -- Andreas Barth <[EMAIL PROTECTED]> Mon, 4 Dec 2006 11:03:19 +0000 + ssmtp (2.61-10) unstable; urgency=low * Added Spanish po-debconf translation (Closes: #393223) diff -Nur ../ssmtp-2.61~/ssmtp.c ../ssmtp-2.61/ssmtp.c --- ../ssmtp-2.61~/ssmtp.c 2006-12-02 15:29:00.000000000 +0000 +++ ../ssmtp-2.61/ssmtp.c 2006-12-04 11:02:18.000000000 +0000 @@ -1406,6 +1406,7 @@ struct passwd *pw; int i, sock; uid_t uid; + bool_t minus_v_save; int timeout = 0; outbytes = 0; @@ -1522,7 +1523,12 @@ #ifdef MD5AUTH } #endif + /* We do NOT want the password output to STDERR + * even base64 encoded.*/ + minus_v_save = minus_v; + minus_v = False; outbytes += smtp_write(sock, "%s", buf); + minus_v = minus_v_save; (void)alarm((unsigned) MEDWAIT); if(smtp_okay(sock, buf) == False) { -- http://home.arcor.de/andreas-barth/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]