Bug#659296: surf: world-readable cookie jar

2012-02-10 Thread Jakub Wilk

* Jakub Wilk jw...@debian.org, 2012-02-10, 00:05:

$ ls -ld ~/.surf/{,cookies.txt}
drwxr-xr-x 2 user users 4096 Feb  9 22:59 /home/user/.surf/
-rw-r--r-- 1 user users  406 Feb  9 22:59 /home/user/.surf/cookies.txt


CVE-2012-0842 was assigned to this bug.

--
Jakub Wilk



--
To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120210154603.ga1...@jwilk.net



Bug#659296: surf: world-readable cookie jar

2012-02-09 Thread Jakub Wilk

Package: surf
Version: 0.4.1-4.1
Severity: grave
Tags: security
Justification: user security hole

$ ls -ld ~/.surf/{,cookies.txt}
drwxr-xr-x 2 user users 4096 Feb  9 22:59 /home/user/.surf/
-rw-r--r-- 1 user users  406 Feb  9 22:59 /home/user/.surf/cookies.txt

This allows local users to steal cookies.


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages surf depends on:
ii  libatk1.0-0         2.2.0-2
ii  libc6               2.13-26
ii  libcairo2           1.10.2-6.2
ii  libfontconfig1      2.8.0-3.1
ii  libfreetype6        2.4.8-1
ii  libgdk-pixbuf2.0-0  2.24.0-2
ii  libglib2.0-0        2.30.2-6
ii  libgtk2.0-0         2.24.8-3
ii  libpango1.0-0       1.29.4-2
ii  libsoup2.4-1        2.34.3-1
ii  libwebkitgtk-1.0-0  1.6.1-5+b1
ii  libx11-6            2:1.4.4-4
ii  suckless-tools      38-1
ii  wget                1.13.4-2
ii  x11-utils           7.6+4
ii  xterm               276-2

--
Jakub Wilk



--
Archive: http://lists.debian.org/20120209230541.ga1...@jwilk.net
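
The condition shown in the report can be checked for and corrected with a short script. This is an added example, not part of the original thread and not surf's own code; the function names are hypothetical, and the default path ~/.surf is the one from the report.

```shell
#!/bin/sh
# Added example: audit and tighten a per-user cookie store such as ~/.surf.
# Function names are hypothetical; only standard ls, cut, find and chmod are used.

# Print the group/other part of the mode string that `ls -ld` shows,
# e.g. "r-xr-x" for drwxr-xr-x and "r--r--" for -rw-r--r--.
group_other_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Succeed if the mode string shows anything for group or others.
# Special-bit markers (setgid "S", sticky "T") are flagged too.
is_exposed() {
    [ "$(group_other_bits "$1")" != "------" ]
}

# List every entry under the directory (the directory included) that is
# exposed, one per line, as "<mode> <path>". Symlinks are skipped because
# their own mode string is always lrwxrwxrwx.
audit_cookie_dir() {
    [ -d "$1" ] || return 0
    find "$1" ! -type l | while IFS= read -r p; do
        if is_exposed "$p"; then
            printf '%s %s\n' "$(ls -ld -- "$p" | cut -c1-10)" "$p"
        fi
    done
}

# Remove all group/other access from the directory and its contents,
# leaving the owner's bits untouched (0755 -> 0700, 0644 -> 0600).
harden_cookie_dir() {
    [ -d "$1" ] || return 0
    chmod -R go-rwx -- "$1"
}

# Stand-alone use: report only; hardening is an explicit second step.
audit_cookie_dir "${1:-$HOME/.surf}"
```

Once the directory is 0700, other local users can no longer reach files inside it, including a cookies.txt that the application later recreates with a permissive mode.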