I can only assume you're correct. I have no intention of updating this
package to testing or unstable, as it is critical. I hope a limited
security update becomes available for stable soon.
Matt Flaschen
Christian Perrier wrote:
Quoting Matthew Flaschen ([EMAIL PROTECTED]):
Package: login
Version: 4.0.3-31sarge8
The problem is that after you type the username, but before the program
begins taking password input, it is possible to type directly into the
shell. This means that if someone begins typing their password
prematurely will have it displayed on screen, and logged.
I absolutely can't reproduce this with login 4.0.18.1-2, ie the
version in unstable (and soon testing).
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
