Package: gmailfs
Version: 0.6-1
Severity: normal
The gmailfs.log file generated on my system was world readable and
contains the gmail user's password.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
tag 341300 + pending patch
thanks
On Wed, Nov 30, 2005 at 09:49:21AM +1100, Richard Jones wrote:
Definately take it out. In some sense it doesn't matter if its 600,
as if you can read that file then you are likely to be able to modify
the executables and capture the password anyway but the
2 matches
Mail list logo
