[pkg-cryptsetup-devel] Bug#743158: systemd: sends private information without confirmation
Michael Biebl
biebl at debian.org
Sat Apr 25 14:42:42 UTC 2015
clone 743158 -1
reassign -1 cryptsetup
retitle -1 crpytsetup: sends private information without confirmation
thanks
Am 31.03.2014 um 03:33 schrieb Norbert Preining:
> Package: systemd
> Version: 204-8
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Sending /etc/fstab without asking the user is not acceptable,
> as there might be passwords saved in there.
>
> Please stop this.
I just noticed, that cryptsetup does the same via
/usr/share/bug/cryptsetup
Therefore cloning this bug reportbug and re-assigning
cryptsetup maintainers, please see [1] and [2], how this was fixed in
systemd. Our current bug script is at [3].
Thanks,
Michael
[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743158
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=756248
[3]
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/systemd.bug-script
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20150425/3c1bb30e/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list