Your message dated Mon, 07 Dec 2015 21:47:06 +0000 with message-id <[email protected]> and subject line Bug#791858: fixed in keepassx 0.4.3+dfsg-0.1+deb8u1 has caused the Debian Bug report #791858, regarding keepassx: CVE-2015-8378: canceling export operation creates cleartext copy of all of the user's KeePassX password database entries to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 791858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791858 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: keepassx Version: 0.4.3+dfsg-0.1 Severity: important Tags: newcomer Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? Klick on file/export_to/KeepassX XML-File * What exactly did you do (or not do) that was effective (or ineffective)? Test and check the functions on keepass. This will be save an invisivle .xml file in your home directory. * What was the outcome of this action? The Passwortlist is accessible in plaintext * What outcome did you expect instead? This effekt is also in my arch / manjaro-linux-package of keepassx Thanks for help Hopefully! :-) -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages keepassx depends on: ii libc6 2.19-18 ii libgcc1 1:4.9.2-10 ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libstdc++6 4.9.2-10 ii libx11-6 2:1.6.2-3 ii libxtst6 2:1.2.2-1+b1 keepassx recommends no packages. keepassx suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: keepassx Source-Version: 0.4.3+dfsg-0.1+deb8u1 We believe that the bug you reported is fixed in the latest version of keepassx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <[email protected]> (supplier of updated keepassx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 05 Dec 2015 13:15:11 -0500 Source: keepassx Binary: keepassx Architecture: source amd64 Version: 0.4.3+dfsg-0.1+deb8u1 Distribution: jessie Urgency: medium Maintainer: Reinhard Tartler <[email protected]> Changed-By: Reinhard Tartler <[email protected]> Description: keepassx - Cross Platform Password Manager Closes: 791858 Changes: keepassx (0.4.3+dfsg-0.1+deb8u1) jessie; urgency=medium . * Add patch that fixes CVE-2015-8378 (Closes: #791858) Checksums-Sha1: 136e0cbda11f93c331285e51a32c3377ea6fef84 1825 keepassx_0.4.3+dfsg-0.1+deb8u1.dsc 0425698eec90dc967b322662e53f0c11104040cd 12532 keepassx_0.4.3+dfsg-0.1+deb8u1.debian.tar.xz fdd8eeb6c4a8187fe303e5d30e0c2111c9831cf8 749354 keepassx_0.4.3+dfsg-0.1+deb8u1_amd64.deb Checksums-Sha256: b4e45bf7c0073aa8f63d836f6609ec6b1bdad8f4b5fa7e316e371491b2d2262c 1825 keepassx_0.4.3+dfsg-0.1+deb8u1.dsc 2ed1be589b8ed76586b87cfc0de8835e088bbd5466739a3df1784c821d17c9f5 12532 keepassx_0.4.3+dfsg-0.1+deb8u1.debian.tar.xz d6037acc1b3e4b134cd2707ab7fec85c24b01f68b0655e06f9fc9907a887447b 749354 keepassx_0.4.3+dfsg-0.1+deb8u1_amd64.deb Files: 4efaf78ea4223104b79559878ee19779 1825 utils optional keepassx_0.4.3+dfsg-0.1+deb8u1.dsc 0f6e9240fcef9b7ec478e7b979f695fd 12532 utils optional keepassx_0.4.3+dfsg-0.1+deb8u1.debian.tar.xz dbb363054bf18cdbc0439a3c07c6e204 749354 utils optional keepassx_0.4.3+dfsg-0.1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Debian Powered! iQGcBAEBAgAGBQJWZNFnAAoJEIuAbIZKeKRFAswMALBoW4g2rH3eJYD6MYkZPuH+ 5f1SxOjwVOqHFapWDLb1XtmiegyrzAaqOZtJsmCq8vDqPyydoK04ylfej1ffalCp NMECG2cYjCGAE4QGB5AD+Jz/TefK+hHaTpgts903FPq8G/+zIsJRp4N1A1HkS+a0 wcPuB6gIL9/iMshRLn4h+TckjmB13ouC55CX7Ifw2zdfMlaDtg/i1KprR2IhDnwT VyHPpHVFv+4NmzjL0K72lChzknTIKPxVmbpyOlA93l18qIBss739BWbch8O77wRi fpxTYwj53lZQKVXDuBJdaN+zfFAMvZU8XdqbqyWrYjMzrx0GqRaLU8r7WijaVIAs Z/S20CHxDQZySaSpHqpR6v/MSv+T0S94L3Gv2542A5b6GuXu8Hh1Mo5SFAcJpRAb cdZNcqq4JNilbXYEzAUNSztD2xlb6aDne5LAsAy2oYyhptisCsgAvI2BJyiSOwT2 UJoox35See2YM95pqFKiF3iZNouKa1a25W30FsWktQ== =va1u -----END PGP SIGNATURE-----
--- End Message ---
