Control: retitle -1 kedpm: CVE-2017-8296: Information leak via the command
history file
CVE-2017-8296 has been assigned for this vulnerability.
Regards,
Salvatore
On 2017-04-27 06:24:25, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Apr 26, 2017 at 05:01:30PM -0400, Antoine Beaupr?? wrote:
>> Control: tags -1 +patch
>>
>> I have requested a CVE on the oss-security mailing list.
>
> Please note that requests are done now via
>
> https://cveform.mitre.org/
>
Hi,
On Wed, Apr 26, 2017 at 05:01:30PM -0400, Antoine Beaupr?? wrote:
> Control: tags -1 +patch
>
> I have requested a CVE on the oss-security mailing list.
Please note that requests are done now via
https://cveform.mitre.org/
Can you please fill a request via that channel?
Regards,
Salvator
Control: tags -1 +patch
I have requested a CVE on the oss-security mailing list.
In the meantime, there's this patch that should apply to jessie and can
probably be backported to wheezy as well.
It simply removes the "passwd" entries from the history before it is
written to disk. It will not hid
Source: kedpm
Version: 1.0
Severity: grave
Tags: upstream security
Justification: user security hole
Hello,
I've discovered an information leak that can give some hints about what ppl
search and read in the password manager.
kedpm is creating a history file in ~/.kedpm/history that is written in
5 matches
Mail list logo