Package: coquelicot
Version: 0.9.2-2
Severity: minor
Tags: upstream
Dear Maintainer,
This seems to be an upstream bug too.
* What led up to the situation?
Configured coquelicot to use the supplied IMAP authentication module, then
while testing for use of IMAPS (not plaintext authentication) I tried a
login with fictional user details.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Our mail server was configured to not reply for bad login attempt, so after
a timeout coquelicot borked.
* What was the outcome of this action?
It spilled a very large amount of debug text (including entered username,
etc) to the browser.
* What outcome did you expect instead?
The standard minimal "can not authenticate" text.
=> I hand-edited the system info below because I encountered the bug on a
server I remotely administrate, but for security reasons I am not able to
report it from within the server.
-- System Information:
Debian Release: wheezy (with "apt-get -t jessie install coquelicot" only)
Architecture: amd64 (x86_64)
--
Rowan Thorpe
mailto:ro...@rowanthorpe.com
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
