Package: pootle
Version: 2.0.1-2

This is a little security problem, which should be at
least documented in README.Debian:

If one opens the pootle server start page one can see
information without being logged in. E.g. everyone can see
"Latest News" and "Top Contributors". Furthermore the page
https://myserver/mypootle/accounts/ shows a list of all
user names with first and last name to the world.

This means that e.g. in a company environment access to
pootle (at least the current Debian version) must be
restricted by further measures.




--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to