Package: apt Version: 0.5.28.1 Severity: grave Tags: security Justification: user security hole
During install apt.conf is written; including proxy configuration if needed. The Proxy string is stored in apt.conf but permissions allow group and others to read apt.conf hence to get the proxy password which could even be a real users password. Best regards, Alexander Mader. -- Package-specific info: -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages apt depends on: ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an ii libgcc1 1:3.4.3-12 GCC support library ii libstdc++5 1:3.3.5-8 The GNU Standard C++ Library v3 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
