On Wed, Oct 13, 2010 at 04:30:26PM +0200, Ansgar Burchardt wrote:
> Hi,
>
> libapache-authenhook-perl logs passwords in Apache's error.log if the
> log level is >= info[1]. I prepared an update for Lenny including the
> same patch used for testing/unstable (already unblocked[2] as well).
>
> Should this go through stable-security or does the security team see
> this as a minor issue that should be fixed in the next point release?
> In the former case, shall I upload a package based on the attached patch
> to stable-security?
Since the impact is minor, please fix it through a point update.
I'll request a CVE ID for it and keep you CCed, maybe you can
hold off the upload for a few days until it's available? (The
next point update will take a few weeks anyway)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
