[Pkg-owncloud-maintainers] Bug#737609: owncloud-client: owncloud password stored in world readable config file in plain-text
Jogi Hofmueller
jogi at mur.at
Tue Feb 4 08:50:40 UTC 2014
Package: owncloud-client
Version: 1.5.0+dfsg-4
Severity: important
Dear Maintainer,
owncloud-client stores the owncloud user password in the world readable file
..local/share/data/ownCloud/owncloud.cfg in plain-text. According to
http://owncloud.org/sync-clients/releases/ this should not be the case since
version 1.0.1 but still exists in the current Debian package 1.5.0+dfsg-4
(jessie/testing).
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages owncloud-client depends on:
ii libc6 2.17-97
ii libgcc1 1:4.8.2-14
ii libneon27-gnutls 0.30.0-1
ii libocsync0 0.91.4-1
ii libowncloudsync0 1.5.0+dfsg-4
ii libqt4-dbus 4:4.8.5+git209-g718fae5+dfsg-1
ii libqt4-network 4:4.8.5+git209-g718fae5+dfsg-1
ii libqt4-sql 4:4.8.5+git209-g718fae5+dfsg-1
ii libqt4-sql-sqlite 4:4.8.5+git209-g718fae5+dfsg-1
ii libqt4-xml 4:4.8.5+git209-g718fae5+dfsg-1
ii libqt4-xmlpatterns 4:4.8.5+git209-g718fae5+dfsg-1
ii libqtcore4 4:4.8.5+git209-g718fae5+dfsg-1
ii libqtgui4 4:4.8.5+git209-g718fae5+dfsg-1
ii libqtkeychain0 0.1.0-2
ii libqtwebkit4 2.2.1-7
ii libstdc++6 4.8.2-14
ii owncloud-client-l10n 1.5.0+dfsg-4
owncloud-client recommends no packages.
owncloud-client suggests no packages.
-- no debconf information
More information about the Pkg-owncloud-maintainers
mailing list