Patrick Franz
2024-04-22 19:40:01 UTC
Severity: normal
Tags: bookworm
X-Debbugs-Cc: ***@debian.org
User: ***@packages.debian.org
Usertags: pu
[ Reason ]
There is a bug in libkf5sieve where the password instead of the
username is sent when using managesieve and could therefore be
logged on a server as the login will fail.
[ Impact ]
Potentially sensitive passwords are logged on a server.
[ Tests ]
Affected user has successfully tested the patched version.
[ Risks ]
The patch is trivial (1 line is changed) and it's quite obvious
that it was a bug in the first place.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
1-line patch to fix the bug.