Package: keepassx Version: 2.0.3-1 Severity: grave Tags: security Justification: user security hole
Dear Maintainer, keepassx 2.0.3-1 (in Debian "stretch") fails to clear the clipboard history after a password has been copied to the clipboard. The keepassx security settings has "Clear clipboard after 10 seconds" enabled. To reproduce, - select an entry with a stored password in the keepassx database - press ctrl-C to copy the password to the clipboard - after 10 seconds (default setting), the password should disappear from the clipboard history - click on the clipboard icon in the panel, the password is visible This is using the KDE Desktop installation, and hence the KDE clipboard. The KDE clipboard has a setting to prevent the clipboard from being emptied, but this setting does not change the behaviour. -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=da_DK.UTF-8, LC_CTYPE=da_DK.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages keepassx depends on: ii libc6 2.24-11+deb9u1 ii libgcrypt20 1.7.6-2 ii libqtcore4 4:4.8.7+dfsg-11 ii libqtgui4 4:4.8.7+dfsg-11 ii libstdc++6 6.3.0-18 ii libx11-6 2:1.6.4-3 ii libxi6 2:1.7.9-1 ii libxtst6 2:1.2.3-1 ii zlib1g 1:1.2.8.dfsg-5 keepassx recommends no packages. keepassx suggests no packages. -- no debconf information