On Mon, 17 Sep 2007 10:52:22 +0100, Sam Morris writes:
>Package: duplicity
>Version: 0.4.3-1
>Severity: grave
>Tags: security
>Justification: user security hole
>
>Password details are passed to ncftp on the command line rather than via
>a file descriptor, environment variable or some other method
Package: duplicity
Version: 0.4.3-1
Severity: grave
Tags: security
Justification: user security hole
Password details are passed to ncftp on the command line rather than via
a file descriptor, environment variable or some other method that would
keep the data private.
$ pgrep -fl ncftp
1153 sh -c
2 matches
Mail list logo
