Package: gnome-gv
Version: 1:2.8.2-3
Severity: grave
Tags: security
Justification: user security hole
When ggv is started, a lot of network traffic can be seen. When viewed
with ethereal, it can be seen that many DNS-queries are made, to domains
that resemble document-names from the local system, e.g.:
Standard query ckend_programming.pdf (quote Ethereal)
it then goes on to try other DNS servers and local domain names from
/etc/resolv.conf
Other examples of queries made are:
Standard query 1a_opg5-2.pdf (I have had a document called
Ma1a_opg5-2.pdf)
Standard query ut_quickstart-22-07-2004_17-18-01.sxw
I have a document on my desktop called backend_programming.pdf, but
besides that I can't see where the filenames come from - they are all
documents I have opened at some point in time, missing the first few
letters. Whether I have had them all opened with ggv, I don't know. Some
file-names are .gif, some .pdf, some .sxw, some .zip.
It could be a misconfiguration, since I run Gnome 2.10 from
experimental, and my installation has been upgraded from the woody
days. Please write back, if you need further information.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (600, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.9
Locale: LANG=da_DK, LC_CTYPE=da_DK (charmap=ISO-8859-1)
Versions of packages gnome-gv depends on:
ii desktop-file-utils 0.10-1 Utilities for .desktop files
ii gconf2 2.10.0-1GNOME configuration database syste
ii gs 8.01-5 Transitional package
ii gs-esp [gs] 7.07.1-9The Ghostscript PostScript interpr
ii gs-gpl [gs] 8.01-5 The GPL Ghostscript PostScript int
ii libart-2.0-2 2.3.17-1Library of functions for 2D graphi
ii libatk1.0-0 1.9.0-1 The ATK accessibility toolkit
ii libaudiofile00.2.6-6 Open-source version of SGI's audio
ii libbonobo2-0 2.8.1-2 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.8.1-2 The Bonobo UI library
ii libc62.3.4-3 GNU C Library: Shared libraries an
ii libesd0 0.2.35-2Enlightened Sound Daemon - Shared
ii libgconf2-4 2.10.0-1GNOME configuration database syste
ii libgcrypt11 1.2.0-4 LGPL Crypto library - runtime libr
ii libglib2.0-0 2.6.4-1 The GLib library of C routines
ii libgnome-keyring00.4.2-1 GNOME keyring services library
ii libgnome2-0 2.10.0-1The GNOME 2 library - runtime file
ii libgnomecanvas2-02.8.0-1 A powerful object-oriented display
ii libgnomeui-0 2.10.0-1The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 2.10.0-1The GNOME virtual file-system libr
ii libgnutls11 1.0.16-9GNU TLS library - runtime library
ii libgpg-error01.0-1 library for common error values an
ii libgtk2.0-0 2.6.4-1 The GTK+ graphical user interface
ii libice6 4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii libjpeg626b-9The Independent JPEG Group's JPEG
ii liborbit21:2.12.2-1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-01.8.1-1 Layout and rendering of internatio
ii libpopt0 1.7-5 lib for parsing cmdline parameters
ii libsm6 4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii libtasn1-2 0.2.10-4Manage ASN.1 structures (runtime)
ii libx11-6 4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii libxml2 2.6.16-7GNOME XML library
ii scrollkeeper 0.3.14-10 A free electronic cataloging syste
ii xlibs4.3.0.dfsg.1-12 X Keyboard Extension (XKB) configu
ii zlib1g 1:1.2.2-4 compression library - runtime
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]