Package: quassel-client
Version: 1:0.12.2-2
Severity: grave
Tags: security
Justification: user security hole

As I was trying to setup CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
-rw-r--r-- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf

Looking into that file I could easily see my password and that combined
with the security settings of that file did not make me happy.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages quassel-client depends on:
ii  dbus-x11              1.10.4-1
ii  gawk                  1:4.1.1+dfsg-1
ii  libc6                 2.19-22
ii  libdbusmenu-qt5-2     0.9.3+15.10.20150604-1
ii  libkf5configwidgets5  5.15.0-1
ii  libkf5coreaddons5     5.15.0-1
ii  libkf5notifications5  5.15.0-1
ii  libkf5notifyconfig5   5.15.0-1
ii  libkf5sonnetui5       5.15.0-1
ii  libkf5textwidgets5    5.15.0-1
ii  libkf5widgetsaddons5  5.15.0-1
ii  libkf5xmlgui5         5.15.0-1
ii  libphonon4qt5-4       4:4.8.3-2
ii  libqt5core5a          5.5.1+dfsg-8
ii  libqt5dbus5           5.5.1+dfsg-8
ii  libqt5gui5            5.5.1+dfsg-8
ii  libqt5network5        5.5.1+dfsg-8
ii  libqt5webkit5         5.5.1+dfsg-2
ii  libqt5widgets5        5.5.1+dfsg-8
ii  libstdc++6            5.2.1-26
ii  phonon4qt5            4:4.8.3-2
ii  quassel-data          1:0.12.2-2
ii  zlib1g                1:1.2.8.dfsg-2+b1

quassel-client recommends no packages.

quassel-client suggests no packages.

-- no debconf information

_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

Reply via email to