Debian Security Advisory 1501-1 - Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails.
83c513ad520fd2159e715aeb3ec2e2bc13585a139d2efadad7d9d06c9d0156c1