package debconf tags 636219 + patch squeeze reopen 589519 = severity 589519 important merge 589519 636219 found debconf/1.5.36.1 found debconf/1.5.38 fixed debconf/1.5.39 thanks
Hi, I'm merging this with an older bug report about the same issue. I'm reopening that and tagging as 'squeeze' because I think it maybe should be addressed in a future point release of Squeeze. In the case of Debian Edu configuration scripts, this bug meant that a password containing a # character would be truncated, hence more easily broken by bruteforce attack (or just leaving someone unable to log in). A workaround has been implemented for Debian Edu but I think other (standard Debian) packages could be affected, perhaps during d-i too. Regards, -- Steven Chamberlain ste...@pyro.eu.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
