Package: docbookwiki
Severity: important

Hi,

The postrm script of docbookwiki exposes a mysql password in ps output:

    MYSQLPASS=`grep -m 1 password /etc/mysql/debian.cnf | awk '{print $3}'`
    /etc/init.d/mysql status && echo "drop database if exists webnotes ;" \
    | mysql --user=debian-sys-maint --password=$MYSQLPASS \

-S



-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to