On Mon, 17 Sep 2007 10:52:22 +0100, Sam Morris writes:
>Package: duplicity
>Version: 0.4.3-1
>Severity: grave
>Tags: security
>Justification: user security hole
>
>Password details are passed to ncftp on the command line rather than via
>a file descriptor, environment variable or some other method that would
>keep the data private.

thanks for spotting these two ftp-related bugs; a fix is forthcoming
and a new version will be uploaded tonight.

regards
az

-- 
+ Alexander Zangerl + DSA 42BD645D + (RSA 5B586291)
He who joyfully marches to music in rank and file has already earned
my contempt. He has been given a large brain by mistake, since for him
the spinal cord would fully suffice. -- Einstein
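The exposure described in the report, as an added example that is not part of the original mails and is not duplicity's or ncftp's code: on Linux a process's arguments are readable through `/proc/<pid>/cmdline`, while data written to a pipe is not. The child program, the `SECRET` value and the function names are assumptions made up for the demonstration.

```python
import subprocess
import sys

# Hypothetical stand-in for the helper program (not ncftp): it blocks reading
# stdin so it stays alive long enough to be inspected.
CHILD = "import sys; sys.stdin.read()"
SECRET = "constructed-passphrase-123"  # constructed sample value, not a real one


def cmdline_of(pid):
    """Return a process's argv as exposed by a default Linux /proc mount."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        raw = fh.read()
    # Arguments are NUL-separated; drop the empty trailing element.
    return [a.decode(errors="replace") for a in raw.split(b"\0") if a]


def secret_exposed(via):
    """Start the child, hand it SECRET via 'argv' or 'stdin', and report
    whether SECRET appears in the child's command line."""
    argv = [sys.executable, "-c", CHILD]
    if via == "argv":
        argv.append(SECRET)  # the pattern the bug report describes
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if via == "stdin":
            # A pipe is a file descriptor shared only with the child.
            proc.stdin.write(SECRET.encode())
            proc.stdin.flush()
        return any(SECRET in arg for arg in cmdline_of(proc.pid))
    finally:
        proc.stdin.close()  # EOF lets the child exit
        proc.wait()


if __name__ == "__main__":
    for via in ("argv", "stdin"):
        print(via, "-> secret visible in /proc cmdline:", secret_exposed(via))
```

The same check can be pointed at a real helper's PID during testing to confirm that no credential ends up in its argument list.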