*** This bug is a security vulnerability ***
You have been subscribed to a public security bug:
Binary package hint: seahorse-plugins
gedit package: 2.24.2-0ubuntu1 (intrepid-updates)
seahorse-plugins package: 2.24.1-0ubuntu1 (intrepid)
All texts processed by the seahorse plugin for gedit are silently sent to
gedit's standard output. Consequently, when gedit is launched via a launcher or
the applications menu, all texts processed by the plugin, including decrypted
text, are sent to the ~/.xsession-errors log file which is by default world
readable.
Any other user in the system is thus able to read the decrypted text until
another session is restarted and the ~/.xsession-errors file is overwritten.
Moreover, the decrypted text having been written to disk, it is remotely
possible to recover it with a disk analysis, depending on the circumstances,
all that without the user being aware of it.
** Affects: seahorse-plugins
Importance: Unknown
Status: Unknown
** Affects: seahorse-plugins (Ubuntu)
Importance: Medium
Assignee: Ubuntu Desktop Bugs (desktop-bugs)
Status: New
--
Security hole in the gedit plugin
https://bugs.edge.launchpad.net/bugs/307863
You received this bug notification because you are a member of Ubuntu Desktop
Bugs, which is a bug assignee.
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
