1.06 03/23/2007 - MP2/AuthDBI: Fixed Apache::AuthDBI::debug() to actually work. Submitted by: [Kevin Appel <kappel@tgic.com>] - Bump minium required perl version to 5.6.1 to match DBI (Changes in DBI 1.49 (svn rev 2287), 29th November 2005) Philip M. Gollucci <pgollucci@p6m7g8.com> Quote from http://www.freebsd.org/cgi/query-pr.cgi?pr=110789 Previously $Apache::AuthDBI::DEBUG = 0 was broken so that logging was effectively ALWAYS on in function debug(). This will also log passwords with no way to turn this off.
perl please advise and bump as necessary.
bumped. not sure on severity (wouldn't say its high, personally - yes, its bad to reveal passwords under any circumstance, but only under debug in this case)
Thx Michael for the info. Arches please test and mark stable. Target keywords are: Apache-DBI-1.06.ebuild:KEYWORDS="alpha amd64 ia64 ppc sparc x86"
Now actually calling arches.
ia64 stable
x86 stable
sparc stable.
ppc stable
Alpha done. - ferdy
amd64 stable
gsla time? (just checking in since last arch reported in a few days ago). Thanks :)
This one is ready for GLSA decision. I tend to vote NO.
I vote no; you would hopefully only ever have DEBUG on in a development or staging environment, where there wouldn't be a critical information loss.
tend to vote no that makes 2 full votes against a GLSA -> closing