Package: mnogosearch-common
Version: 3.2.31-1
Severity: critical
Tags: security
The Debian configuration tool (debconf) asks for the database
administrator password when configuring mnogosearch, and then
stores the password in clear text in the world-readable file
/var/cache/debconf/config.dat under the key
mnogosearch-common/database_admin_pass instead of using the
restricted access file /var/cache/debconf/passwords.dat
Regards,
Andrew
--
mailto:[EMAIL PROTECTED] Andrew Pam
http://www.xanadu.com.au/ Chief Scientist, Xanadu
http://www.glasswings.com.au/ Partner, Glass Wings
http://www.sericyb.com.au/ Manager, Serious Cybernetics
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
