Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 774759

Summary: <dev-python/aiosmtpd-1.4.2: sensitive AUTH information leak via logging
Product: Gentoo Security Reporter: Michał Górny <mgorny>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: prometheanfire, python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2021-03-08 07:14:52 UTC 
+Security Considerations
+=======================
+
+We have taken steps to prevent leakage of sensitive information (i.e., password) through logging
+by overriding the ``__repr__`` and ``__str__`` methods of the :class:`AuthResult` and
+:class:`LoginPassword` classes.
Comment 1 NATTkA bot gentoo-dev Security 2021-03-08 07:16:52 UTC 
Unable to check for sanity:

> no match for package: dev-python/aiosmtpd-1.4.2
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-04-02 17:08:51 UTC 
No stable versions so no need to stable. Please cleanup.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-07-24 06:02:20 UTC 
All done!