I'm not sure what to do with this. Maybe it's not good idea to ship it if it can't do it's primary function properly? http://lists.fedoraproject.org/pipermail/devel/2012-June/168607.html http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html
Bumped to 0.4.14 which migrates files to a new format on save. I'll let you decide whether it's secure enough.
(In reply to comment #1) > Bumped to 0.4.14 which migrates files to a new format on save. I'll let you > decide whether it's secure enough. I'll take the easy way out: http://pkgs.fedoraproject.org/gitweb/?p=revelation.git;a=commit;h=8f536dddb99d965a1a0663a6cea9cec486182d77 "Upstream pre-release which addresses weak encryption format. - This version will detect old encryption format and will prompt you to re-save in new format." So let's do the normal stabilization route for: =x11-misc/revelation-0.4.14
amd64 stable
ppc done
x86 stable
Thanks, everyone. GLSA vote: no.
CVE-2012-3818 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3818): The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.
Thanks, folks. GLSA Vote: no, too. Closing noglsa.