diff -Nru nut-2.7.2/debian/changelog nut-2.7.2/debian/changelog --- nut-2.7.2/debian/changelog 2015-01-17 23:40:57.000000000 +1300 +++ nut-2.7.2/debian/changelog 2015-02-13 12:21:44.000000000 +1300 @@ -1,3 +1,10 @@ +nut (2.7.2-2) testing; urgency=medium + + * Add NEWS warning about possible password exposure in NUT-Monitor + (Closes: #777706) + + -- Michael Fincham Fri, 13 Feb 2015 11:39:10 +1300 + nut (2.7.2-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru nut-2.7.2/debian/NEWS nut-2.7.2/debian/NEWS --- nut-2.7.2/debian/NEWS 2014-04-23 08:46:17.000000000 +1200 +++ nut-2.7.2/debian/NEWS 2015-02-13 12:22:36.000000000 +1300 @@ -1,3 +1,15 @@ +nut (2.7.2-2) testing; urgency=medium + + Since version 1.2 NUT-Monitor uses safer directory permissions when + creating ~/.nut-monitor. + + Please note that passwords stored in NUT-Monitor prior to this change + may have been exposed, and it is recommended that they be reset and any + ~/.nut-monitor directories have their permissions updated to disallow + world read access. + + -- Michael Fincham Fri, 13 Feb 2015 11:57:12 +1300 + nut (2.6.5-1) experimental; urgency=low mge-shut driver has been replaced by a new implementation (newmge-shut).