Moritz Muehlenhoff <j...@inutil.org> writes: > On Wed, Oct 13, 2010 at 04:30:26PM +0200, Ansgar Burchardt wrote: >> libapache-authenhook-perl logs passwords in Apache's error.log if the >> log level is >= info[1]. I prepared an update for Lenny including the >> same patch used for testing/unstable (already unblocked[2] as well). >> >> Should this go through stable-security or does the security team see >> this as a minor issue that should be fixed in the next point release? >> In the former case, shall I upload a package based on the attached patch >> to stable-security? > > Since the impact is minor, please fix it through a point update. > > I'll request a CVE ID for it and keep you CCed, maybe you can > hold off the upload for a few days until it's available? (The > next point update will take a few weeks anyway)
Sure. I'll prepare an upload and contact the stable release team once I get the CVE ID. Regards, Ansgar -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
