Bug#355541: gossip: world-readable password
Emmanuel Beffara
manu at beffara.org
Mon Mar 6 10:49:51 UTC 2006
Package: gossip
Version: 0.10.1-1
Severity: grave
Tags: security
Justification: user security hole
In Gossip version 0.10, the passwords are stored in clear text in
~/.gnome2/Gossip/accounts.xml, which is a world-readable file. Passwords
should at least be stored in gnome2-private, or in a file with restricted
rights, or using some encryption, or any combination of these.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Versions of packages gossip depends on:
ii gconf2 2.12.1-9 GNOME configuration database syste
ii libc6 2.3.5-13 GNU C Library: Shared libraries an
ii libgconf2-4 2.12.1-9 GNOME configuration database syste
ii libglade2-0 1:2.5.1-2 library to load .glade files at ru
ii libglib2.0-0 2.8.6-1 The GLib library of C routines
ii libgnome2-0 2.12.0.1-5 The GNOME 2 library - runtime file
ii libgnomeui-0 2.12.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 2.12.2-5 GNOME virtual file-system (runtime
ii libgtk2.0-0 2.8.12-1 The GTK+ graphical user interface
ii libloudmouth1-0 1.0.1-4 Lightweight C Jabber library
ii libpango1.0-0 1.10.3-1 Layout and rendering of internatio
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libx11-6 6.9.0.dfsg.1-4 X Window System protocol client li
ii libxml2 2.6.23.dfsg.2-2 GNOME XML library
ii libxslt1.1 1.1.15-4 XSLT processing library - runtime
ii libxss1 6.9.0.dfsg.1-4 X Screen Saver client-side library
gossip recommends no packages.
-- no debconf information
More information about the Pkg-gnome-maintainers
mailing list