Package: gnome-gv
Version: 1:2.8.2-3
Severity: grave
Tags: security
Justification: user security hole

When ggv is started, a lot of network traffic can be seen. When viewed
with ethereal, it can be seen that many DNS queries are made, to domains
that resemble document names from the local system, e.g.:
"Standard query AAAA ckend_programming.pdf" (quote Ethereal)
... it then goes on to try other DNS servers and local domain names from
/etc/resolv.conf

Other examples of queries made are:
"Standard query AAAA 1a_opg5-2.pdf" (I have had a document called
"Ma1a_opg5-2.pdf")
"Standard query AAAA ut_quickstart-22-07-2004_17-18-01.sxw"

I have a document on my desktop called "backend_programming.pdf", but
besides that I can't see where the filenames come from - they are all
documents I have opened at some point in time, missing the first few
letters. Whether I have had them all opened with ggv, I don't know. Some
file names are .gif, some .pdf, some .sxw, some .zip.

It could be a misconfiguration, since I run Gnome 2.10 from
experimental, and my installation has been upgraded from the "woody"
days. Please write back if you need further information.


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (600, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.9
Locale: LANG=da_DK, LC_CTYPE=da_DK (charmap=ISO-8859-1)

Versions of packages gnome-gv depends on:
ii  desktop-file-utils   0.10-1              Utilities for .desktop files
ii  gconf2               2.10.0-1            GNOME configuration database syste
ii  gs                   8.01-5              Transitional package
ii  gs-esp [gs]          7.07.1-9            The Ghostscript PostScript interpr
ii  gs-gpl [gs]          8.01-5              The GPL Ghostscript PostScript int
ii  libart-2.0-2         2.3.17-1            Library of functions for 2D graphi
ii  libatk1.0-0          1.9.0-1             The ATK accessibility toolkit
ii  libaudiofile0        0.2.6-6             Open-source version of SGI's audio
ii  libbonobo2-0         2.8.1-2             Bonobo CORBA interfaces library
ii  libbonoboui2-0       2.8.1-2             The Bonobo UI library
ii  libc6                2.3.4-3             GNU C Library: Shared libraries an
ii  libesd0              0.2.35-2            Enlightened Sound Daemon - Shared 
ii  libgconf2-4          2.10.0-1            GNOME configuration database syste
ii  libgcrypt11          1.2.0-4             LGPL Crypto library - runtime libr
ii  libglib2.0-0         2.6.4-1             The GLib library of C routines
ii  libgnome-keyring0    0.4.2-1             GNOME keyring services library
ii  libgnome2-0          2.10.0-1            The GNOME 2 library - runtime file
ii  libgnomecanvas2-0    2.8.0-1             A powerful object-oriented display
ii  libgnomeui-0         2.10.0-1            The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0       2.10.0-1            The GNOME virtual file-system libr
ii  libgnutls11          1.0.16-9            GNU TLS library - runtime library
ii  libgpg-error0        1.0-1               library for common error values an
ii  libgtk2.0-0          2.6.4-1             The GTK+ graphical user interface 
ii  libice6              4.3.0.dfsg.1-12.0.1 Inter-Client Exchange library
ii  libjpeg62            6b-9                The Independent JPEG Group's JPEG 
ii  liborbit2            1:2.12.2-1          libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0        1.8.1-1             Layout and rendering of internatio
ii  libpopt0             1.7-5               lib for parsing cmdline parameters
ii  libsm6               4.3.0.dfsg.1-12.0.1 X Window System Session Management
ii  libtasn1-2           0.2.10-4            Manage ASN.1 structures (runtime)
ii  libx11-6             4.3.0.dfsg.1-12.0.1 X Window System protocol client li
ii  libxml2              2.6.16-7            GNOME XML library
ii  scrollkeeper         0.3.14-10           A free electronic cataloging syste
ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
ii  zlib1g               1:1.2.2-4           compression library - runtime

-- no debconf information
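
A defender-side check for the behaviour reported above, as an added example that is not part of the original bug report: it scans Ethereal-style query summaries for names ending in the file extensions the reporter lists and matches them against local file names with leading characters missing. The function names, the `example.lan` search domain and the last two sample lines are constructed for illustration.

```python
import re

# File types named in the report. Extension alone is a heuristic:
# .zip, for example, is a real TLD today.
DOC_EXTENSIONS = ("pdf", "sxw", "gif", "zip")

# Matches "Standard query AAAA name"; newer Wireshark adds a transaction id.
QUERY_RE = re.compile(r"Standard query (?:0x[0-9a-f]+ )?([A-Z]+) (\S+)")


def strip_search_domain(qname, search_domains):
    """Undo the resolver's search-list expansion (domains from resolv.conf)."""
    name = qname.rstrip(".").lower()
    for dom in search_domains:
        suffix = "." + dom.lower().strip(".")
        if name.endswith(suffix):
            return name[: -len(suffix)]
    return name


def find_filename_leaks(lines, local_files, search_domains=()):
    """Return (query name, matching local file or None, characters lost)."""
    findings = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname = m.group(2)
        name = strip_search_domain(qname, search_domains)
        if name.rpartition(".")[2] not in DOC_EXTENSIONS:
            continue  # looks like an ordinary host name
        # The report says names arrive with the first few letters missing,
        # so test whether the query is a suffix of a known file name.
        source = next((f for f in local_files if f.lower().endswith(name)), None)
        lost = len(source) - len(name) if source else None
        findings.append((qname, source, lost))
    return findings


# First three lines are quoted in the report; the last two are constructed.
SAMPLE_LINES = [
    "Standard query AAAA ckend_programming.pdf",
    "Standard query AAAA 1a_opg5-2.pdf",
    "Standard query AAAA ut_quickstart-22-07-2004_17-18-01.sxw",
    "Standard query AAAA ckend_programming.pdf.example.lan",
    "Standard query A www.debian.org",
]
LOCAL_FILES = ["backend_programming.pdf", "Ma1a_opg5-2.pdf"]  # from the report
SEARCH_DOMAINS = ("example.lan",)  # assumed resolv.conf search entry
```

A query that is flagged without a matching local file, like the `.sxw` name here, still indicates a file name reaching the resolver; the file list only helps trace it to its source.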

