Package: aiccu Version: 20070115-9 Severity: normal If you look at /var/cache/debconf/passwords.dat, you'll probably find a copy of the password in there. While the file is only readable by root, this is an unnecessary way to leak the password.
Best practice for password prompting with debconf is to call db_reset to clear the password out of the database as soon as possible after you use it. -- System Information: Debian Release: 5.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.27-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages aiccu depends on: ii debconf 1.5.24 Debian configuration management sy ii iproute 20080725-2 networking and traffic control too ii iputils-ping 3:20071127-1 Tools to test the reachability of ii iputils-tracepath 3:20071127-1 Tools to trace the network path to ii libc6 2.7-18 GNU C Library: Shared libraries ii libgnutls26 2.4.2-4 the GNU TLS library - runtime libr ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip Versions of packages aiccu recommends: ii ntpdate 1:4.2.4p4+dfsg-8 client for setting system time fro aiccu suggests no packages. -- debconf information excluded -- see shy jo
signature.asc
Description: Digital signature
