Your message dated Tue, 20 Oct 2015 01:19:04 +0000
with message-id <e1zolzw-000685...@franck.debian.org>
and subject line Bug#801757: fixed in pinentry 0.9.6-3
has caused the Debian Bug report #801757,
regarding Pinentry displays password while typing
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
801757: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801757
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package: pinentry-gtk2
Version: 0.9.6-2
Severity: grave
In newest version, pinentry is displaying password when typing. (It is
displaying the last letter but a observer can easily read the password.)
That is a big security issue that renders pinentry completely unusable in
any environment where one is not alone sitting in a dark cabin. When
working in a big office, that is insane!
Please revert that recent change back to the secure way of just
displaying dots.
- -- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (800, 'unstable'), (500, 'testing'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.0.7 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to
de_DE)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages pinentry-gtk2 depends on:
ii libassuan0 2.3.0-1
ii libc6 2.19-22
ii libglib2.0-0 2.46.0-2
ii libgpg-error0 1.20-1
ii libgtk2.0-0 2.24.28-1
ii libncursesw5 6.0+20150810-1
ii libsecret-1-0 0.18.3-1
ii libtinfo5 6.0+20150810-1
pinentry-gtk2 recommends no packages.
Versions of packages pinentry-gtk2 suggests:
ii pinentry-doc 0.9.6-2
- -- no debconf information
- --
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.de>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQGcBAEBCgAGBQJWHhzaAAoJEKZ8CrGAGfasJo0L/jH9Uf5x+qUagHhM0noEAu7r
eOZbe6oEGiPZEIdnQW6F+ndCYW35V57dm0H/X5aHIbBzmJ7e2vR6LCnfmMjQnbT3
FW4WiBU1t2D/8yucUD+PdlbqdKJoCjfW23SRvlL1d0/wa/Qb++rdkJyZqIYgWEjH
7OzY1uLlMJo0bTCYRwq2U+0h3Nj024oSktxpi84L8FZjy8kpfbEDClkT4fRUeDKq
ly/O7DsEPB3jUBGD8uUvoQZvoDj4eyGe5lTfb0gFLhuq4WrJVKN+r0p0Ysd0FVsE
xqeiicvZDVxXtIDYWG7XbL9FQ8hTOAdXKkuAFyOWF/PTv9fkQ+fviSSruxS6Urck
oVYOGKYnDp83KxFBUR5iCV9NqtUW6WBXHQS47irvF7eR/i+eJE1NR3zj1lT5VY/z
1BrAbXT5KbUG1Lb1UAl7+fHiPh9mvOv1Mr5jPvL8EtpI5Lhx298bZMKxErqu5yMA
nj7gekhyrVG6n9cDBR0Dn3lcaTAWdDo6s5p1hTFaAA==
=w367
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: pinentry
Source-Version: 0.9.6-3
We believe that the bug you reported is fixed in the latest version of
pinentry, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 801...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Daniel Kahn Gillmor <d...@fifthhorseman.net> (supplier of updated pinentry
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 19 Oct 2015 20:40:16 -0400
Source: pinentry
Binary: pinentry-curses pinentry-tty pinentry-qt pinentry-qt4 pinentry-gtk2
pinentry-gnome3 pinentry-doc
Architecture: source
Version: 0.9.6-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GnuPG Maintainers <pkg-gnupg-ma...@lists.alioth.debian.org>
Changed-By: Daniel Kahn Gillmor <d...@fifthhorseman.net>
Description:
pinentry-curses - curses-based PIN or pass-phrase entry dialog for GnuPG
pinentry-doc - documentation for pinentry packages
pinentry-gnome3 - GNOME 3 PIN or pass-phrase entry dialog for GnuPG
pinentry-gtk2 - GTK+-2-based PIN or pass-phrase entry dialog for GnuPG
pinentry-qt - Qt-based PIN or pass-phrase entry dialog for GnuPG
pinentry-qt4 - Qt-based PIN or pass-phrase entry dialog for GnuPG (transitional
pinentry-tty - minimal dumb-terminal PIN or pass-phrase entry for GnuPG
Closes: 801757
Changes:
pinentry (0.9.6-3) unstable; urgency=medium
.
* added NEWS entry for pinentry-gtk2 (Closes: #801757)
Checksums-Sha1:
6a66188cf144055dcc8607a386b0b55f30cce151 2661 pinentry_0.9.6-3.dsc
755a4665ef4bc3994b6ef7b666fb9df6e5f60fad 12112 pinentry_0.9.6-3.debian.tar.xz
Checksums-Sha256:
4956e51e0256e0378df6568cf5151b50437ba4979038891e0a431d049dced097 2661
pinentry_0.9.6-3.dsc
66306829db5c16dfb913be49a6cddde3ebc7e074d8770592beb96e2df895c0e9 12112
pinentry_0.9.6-3.debian.tar.xz
Files:
350075f2bb09f0887401e56f8ff12eb5 2661 utils optional pinentry_0.9.6-3.dsc
0b712d6f907717d5923c943bf0d295bd 12112 utils optional
pinentry_0.9.6-3.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJWJZGlXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB
NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcNKYQALo9BW+EXvMwaeSF+Q3It3al
ddbo9kCBJR/Zyh+Goepx1hxAnf1fwBlQ0ptqIQ+CQjf2OTQf3Ou4zt+cDtdVbmWX
J5OguAM32Z3Tgqym/e2sUNEWkTgnO0eR4hdBd4UblD+I2iwv7Drx0PwXNSSxqokS
7IUUw71ZAYmNRo4HCXz0h8O5MEO1RXph0E2huT8OeSwvZraoxiY1atEAp9e4fRmJ
W5Dqsxdyb9qvxEvJVjDrr2ocJNvwfy1wCdewazYSBDawQuZ8Akn8vZW62XqcB5Gp
wyDNeE5Pxgxf3WjxYyKT7eaIc9Cv5+tLel5cCx0RFV0IFWUP5V6GYPngjDRCX/CF
7b6z3LUBibgwXq2FD+Srtc1+31s3XNkkNEzmESmYMMKKWvwiDvat/bOh2/9U7PIi
SuZgPpbbowWaTZ3X8ljoHmhABdGxErWHUGMFgHok6lIpyVLiVx1ZMgYpFixfeyUK
9luIXpL2PhDBHy8QndzgGPLhRCyZ7i7r8sh+mKdevXROhI6quP4/gU+jrR3TT519
u1HvDzrnj/4yjf1FPbu+r3dotd4cpFjA+hmgjnzZ6f9LT4yLRDsC0+IeDA1Y5mbP
b1ML4rglNzpgIhHXibbvSoH7QmpZngsGALsMchDUX36Xgc421QrlLqRblWTsZJAp
xO9meX+pYlJ2kKxEFlDt
=RqAc
-----END PGP SIGNATURE-----
--- End Message ---
