Package: libfvde-utils Version: 20160918-1+b1 Severity: important Dear Maintainer,
fvdeinfo and fvdemount only accept passwords as command-line options (-p or -r). However, this is not an appropriate method for providing the password, since the process command-line is visible to all users and processes on the system. These utilities should be able to accept passwords on STDIN. I have marked the severity of the bug as "important" because while the problem doesn't prevent the package from working, and it may still be good to use in an emergency, it exposes the user's credentials in a way that would be unacceptable on a routine basis. Thanks. -nandhp -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libfvde-utils depends on: ii libbfio1 20160108-1 ii libc6 2.24-11+deb9u1 ii libfuse2 2.9.7-1 ii libfvde1 20160918-1+b1 libfvde-utils recommends no packages. libfvde-utils suggests no packages. -- no debconf information
