Ansgar Burchardt discovered several vulnerabilities in DTC, a web
control panel for admin and accounting hosting services.
This update introduces a new configuration option which controls the
presence of cleartext passwords in email messages. The default is not
to include cleartext passwords.
For the oldstable distribution (lenny), this problem has been fixed in
version 0.29.17-1+lenny1.
The stable distribution (squeeze) and the testing distribution
(wheezy) do not contain any dtc packages.
For the unstable distribution (sid), this problem has been fixed in
version 0.32.10-1.
We recommend that you upgrade your dtc packages.