[Debconf-devel] Bug#636219: How can we quote # in a value passed to debconf-set-selections?
Steven Chamberlain
steven at pyro.eu.org
Sun Mar 25 23:59:20 UTC 2012
package debconf
tags 636219 + patch squeeze
reopen 589519 =
severity 589519 important
merge 589519 636219
found debconf/1.5.36.1
found debconf/1.5.38
fixed debconf/1.5.39
thanks
Hi,
I'm merging this with an older bug report about the same issue. I'm
reopening that and tagging as 'squeeze' because I think it maybe should
be addressed in a future point release of Squeeze.
In the case of Debian Edu configuration scripts, this bug meant that a
password containing a # character would be truncated, hence more easily
broken by bruteforce attack (or just leaving someone unable to log in).
A workaround has been implemented for Debian Edu but I think other
(standard Debian) packages could be affected, perhaps during d-i too.
Regards,
--
Steven Chamberlain
steven at pyro.eu.org
More information about the Debconf-devel
mailing list