Summary: | <app-admin/keepassx-0.4.4: passwords stored in plain text file when export is cancelled (CVE-2015-8378) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | polynomial-c, tgurr |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1286730 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-12-01 13:40:38 UTC
commit 40f4c38ff1f938261bac47902b28b6f465aa44b7
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Fri Dec 11 15:06:40 2015

app-admin/keepassx: Security bump to version 0.4.4

https://www.keepassx.org/news/2015/12/551
Fixes CVE-2015-8359 and CVE-2015-8378

Package-Manager: portage-2.2.26
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

By the way, the affected version (0.4.3) has been marked stable in Gentoo, so we need to react here.

Whiteboard corrected: Please advise when ready to go stable

Been in tree for more than 30 days, calling for stabilization.

Arches, please test and mark stable:
=app-admin/keepassx-0.4.4
Target Keywords : "amd64 ppc x86"
Thank you!

amd64 stable

x86 stable

ppc stable.
Maintainer(s), please cleanup.
Security, please vote.

Arches, Thank you for your work.
GLSA Vote: Yes
New GLSA Request filed.
Maintainer(s), please drop the vulnerable version(s).

Cleanup complete and opened for pending GLSA.

Bump. This has been resolved in the tree for a while now.

GLSA is long overdue and not required.
GLSA Vote: No