Hi,
I uploaded an NMU of your package.
Please see this as help to get the package into a releasable condition for
etch.
Please find the used diff below.
Cheers,
Andi
diff -Nur ../ssmtp-2.61~/debian/changelog ../ssmtp-2.61/debian/changelog
--- ../ssmtp-2.61~/debian/changelog 2006-12-02 15:29:00.000000000 +0000
+++ ../ssmtp-2.61/debian/changelog 2006-12-04 11:06:09.000000000 +0000
@@ -1,3 +1,11 @@
+ssmtp (2.61-10.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix Information leak in ssmtp that leads to password exposure.
+ Closes: #369542
+
+ -- Andreas Barth <[EMAIL PROTECTED]> Mon, 4 Dec 2006 11:03:19 +0000
+
ssmtp (2.61-10) unstable; urgency=low
* Added Spanish po-debconf translation (Closes: #393223)
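Review bot: The entry "Fix Information leak in ssmtp that leads to password exposure" does not say where the password was exposed; the ssmtp.c change in this same patch shows it was written to STDERR while minus_v was set. Stating that in the changelog line would let administrators judge whether captured output from earlier runs has to be treated as containing credentials.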
diff -Nur ../ssmtp-2.61~/ssmtp.c ../ssmtp-2.61/ssmtp.c
--- ../ssmtp-2.61~/ssmtp.c 2006-12-02 15:29:00.000000000 +0000
+++ ../ssmtp-2.61/ssmtp.c 2006-12-04 11:02:18.000000000 +0000
@@ -1406,6 +1406,7 @@
struct passwd *pw;
int i, sock;
uid_t uid;
+ bool_t minus_v_save;
int timeout = 0;
outbytes = 0;
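Review bot: minus_v_save is added to the function-wide declarations without an initialiser, although it is only live across the single smtp_write call in the next hunk. Initialising it at the declaration, or adding a one-line comment on its purpose here, would keep a reader from taking it for state that persists across the whole function.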
@@ -1522,7 +1523,12 @@
#ifdef MD5AUTH
}
#endif
+ /* We do NOT want the password output to STDERR
+ * even base64 encoded.*/
+ minus_v_save = minus_v;
+ minus_v = False;
outbytes += smtp_write(sock, "%s", buf);
+ minus_v = minus_v_save;
(void)alarm((unsigned) MEDWAIT);
if(smtp_okay(sock, buf) == False) {
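Review bot: Saving, clearing and restoring the global minus_v around smtp_write(sock, "%s", buf) suppresses the echo for this one call only, so any other write in the authentication sequence that carries credential material, including whatever the MD5AUTH branch closed just above sends, would still be printed when minus_v is set; those paths should be checked against the same rule. Toggling a global is also fragile under later edits, since a call or early exit added between the two assignments either leaves the flag off or reintroduces the leak. A write helper that takes an explicit "do not log" argument, or that prints a fixed redacted marker in place of buf, would keep the trace complete without exposing the secret.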
--
http://home.arcor.de/andreas-barth/