Package: nagios-mysql Version: 2:1.3-0+pre6 Severity: important
nagios-mysql leaks the database password in /var/log/messages if it can't connect to the mysql server. nagios: Error: Could not connect to MySQL database 'nagios' on host '' using username 'nagios' and password 'xxxxxxxxx'. Retention data will not be processed or saved! The line above is logged in /var/log/messages and the password is in cleartext. I think the password should be replaced with asterisks. Regards, Mikael Magnusson -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (800, 'testing'), (700, 'unstable') Architecture: i386 (i586) Kernel: Linux 2.6.9-1-mulder Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages nagios-mysql depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgd2-xpm 2.0.33-1.1 GD Graphics Library version 2 ii libjpeg62 6b-9.hem.za.org-1 The Independent JPEG Group's JPEG ii libmysqlclient10 3.23.56-2 LGPL-licensed client library for M ii libpng12-0 1.2.8rel-1 PNG library - runtime ii nagios-common 2:1.3-0+pre6 A host/service/network monitoring ii zlib1g 1:1.2.2-3 compression library - runtime -- debconf information: nagios/warnmovedcommands: nagios/warncoords: * nagios/wwwsuid: true nagios/newapachecfg: nagios/upgradefromnetsaint: * nagios/configapache: Apache nagios/warnupgrade_5_6: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
