[pkg-gnupg-maint] Bug#801757: Pinentry displays password while typing

Klaus Ethgen Klaus at Ethgen.de
Wed Oct 14 09:14:11 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package: pinentry-gtk2
Version: 0.9.6-2
Severity: grave

In the newest version, pinentry is displaying the password when typing. (It is
displaying the last letter, but an observer can easily read the password.)

That is a big security issue that renders pinentry completely unusable in
any environment where one is not alone sitting in a dark cabin. When
working in a big office, that is insane!

Please revert that recent change back to the secure way of just
displaying dots.

- -- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (800, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.7 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to de_DE)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages pinentry-gtk2 depends on:
ii  libassuan0     2.3.0-1
ii  libc6          2.19-22
ii  libglib2.0-0   2.46.0-2
ii  libgpg-error0  1.20-1
ii  libgtk2.0-0    2.24.28-1
ii  libncursesw5   6.0+20150810-1
ii  libsecret-1-0  0.18.3-1
ii  libtinfo5      6.0+20150810-1

pinentry-gtk2 recommends no packages.

Versions of packages pinentry-gtk2 suggests:
ii  pinentry-doc  0.9.6-2

- -- no debconf information

- -- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
