Bug#599712: libapache-authenhook-perl: leaks passwords to the logs

Ansgar Burchardt ansgar at 43-1.org
Wed Oct 13 14:30:26 UTC 2010


Hi,

libapache-authenhook-perl logs passwords in Apache's error.log if the
log level is >= info[1].  I prepared an update for Lenny including the
same patch used for testing/unstable (already unblocked[2] as well).

Should this go through stable-security or does the security team see
this as a minor issue that should be fixed in the next point release?
In the former case, shall I upload a package based on the attached patch
to stable-security?

Regards,
Ansgar

[1] <http://bugs.debian.org/599712>
[2] <http://bugs.debian.org/599779>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: libapache-authenhook-perl-lenny.diff
Type: text/x-diff
Size: 1330 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20101013/4378f895/attachment.diff>


More information about the pkg-perl-maintainers mailing list