Bug#285126: CAN-2004-1171: plain text password exposure

2004-12-11 Thread Adeodato Simó
tag 285126 sarge
stop here

* Joey Hess [Fri, 10 Dec 2004 14:45:15 -0500]:
> Package: kdelibs, kdebase
> Version: 3.3.2
> Tags: security, patch
> Severity: serious

> CAN-2004-1171 is about a security hole in KDE that allows for possible
> password leakage:

  hi,

kdelibs 3.3.1-2 and kdebase 3.3.1-3 have been uploaded to sid,
fixing the problem.

there is no 3.2 upload to t-p-u planned, since the KDE 3.3 testing
transition has now RMs' approval and we're putting our efforts in it
happening soon.

thanks,

-- 
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
The pure and simple truth is rarely pure and never simple.
-- Oscar Wilde




Processed: Re: Bug#285126: CAN-2004-1171: plain text password exposure

2004-12-11 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]:

> tag 285126 sarge
Bug#285126: CAN-2004-1171: plain text password exposure
Tags were: patch security
Tags added: sarge

> stop here
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)



Bug#285126: CAN-2004-1171: plain text password exposure

2004-12-10 Thread Adeodato Simó
* Joey Hess [Fri, 10 Dec 2004 17:38:29 -0500]:
> Adeodato Simó wrote:
> >   I've prepared kdelibs and kdebase uploads for this. I'm now looking
> >   for somebody to upload them for me.

> Are you one of the normal KDE maintainers? (Sorry, I'm not up-to-date on
> KDE maintenance.) If so, I can do the sponsoring.

  let's say I'm becoming an habitual. as for sponsoring, I just talked
  to Riku Voipio and he'll be reviewing and uploading tomorrow, is that
  ok with you?

  in any case, thanks for your offer.

-- 
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Listening to: Oasis - Hello
 
Everything you read in newspapers is absolutely true, except for that
rare story of which you happen to have first-hand knowledge.
-- Erwin Knoll




Bug#285126: CAN-2004-1171: plain text password exposure

2004-12-10 Thread Joey Hess
Adeodato Simó wrote:
>   I've prepared kdelibs and kdebase uploads for this. I'm now looking
>   for somebody to upload them for me.

Are you one of the normal KDE maintainers? (Sorry, I'm not up-to-date on
KDE maintenance.) If so, I can do the sponsoring.

-- 
see shy jo




Bug#285126: CAN-2004-1171: plain text password exposure

2004-12-10 Thread Adeodato Simó
* Joey Hess [Fri, 10 Dec 2004 14:45:15 -0500]:
> Package: kdelibs, kdebase
> Version: 3.3.2
> Tags: security, patch
> Severity: serious

> CAN-2004-1171 is about a security hole in KDE that allows for possible
> password leakage:

  I've prepared kdelibs and kdebase uploads for this. I'm now looking
  for somebody to upload them for me.

-- 
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Listening to: The Beatles - Get back
 
When it is not necessary to make a decision, it is necessary not to make
a decision.




Bug#285126: CAN-2004-1171: plain text password exposure

2004-12-10 Thread Joey Hess
Package: kdelibs, kdebase
Version: 3.3.2
Tags: security, patch
Severity: serious

CAN-2004-1171 is about a security hole in KDE that allows for possible
password leakage:

  KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1)
  manually entered by the user or (2) created by the SMB protocol handler,
  stores those credentials for in plaintext in the user's .desktop file,
  which may be created with world-readable permissions, which could allow
  local users to obtain usernames and passwords for remote resources such
  as SMB shares.

Note that this will need to be fixed in both the version in unstable
and the older version in testing via t-p-u. This page has details of the
hole and links to patches for all recent versions of KDE:

http://marc.theaimsgroup.com/?l=bugtraq&m=110261063201488&w=2

-- 
see shy jo
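
An added example, not part of the original thread or of the KDE patches: a defender-side audit for the condition the advisory text above describes, listing .desktop files that hold a password and whether they are world-readable. It assumes the credential appears as the userinfo part of a `URL=` entry (the page does not give the on-disk format); the function name and report fields are hypothetical.

```python
import os
import stat
import sys
from urllib.parse import urlsplit


def audit_desktop_files(root):
    """Find .desktop files under root whose URL entry embeds a password.

    The password itself is never copied into the report.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".desktop"):
                continue
            path = os.path.join(dirpath, name)
            try:
                mode = os.stat(path).st_mode
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = fh.read().splitlines()
            except OSError:
                continue  # file vanished or cannot be read: skip it
            for line in lines:
                key, sep, value = line.partition("=")
                # Assumption: credentials sit in a URL= key (a bracketed
                # suffix such as URL[$e] is treated as the same key).
                if not sep or key.strip().split("[")[0] != "URL":
                    continue
                try:
                    parts = urlsplit(value.strip())
                    has_password = bool(parts.password)
                except ValueError:
                    continue  # malformed URL: nothing to report
                if has_password:
                    findings.append({
                        "path": path,
                        "scheme": parts.scheme,
                        "host": parts.hostname,
                        "user": parts.username,
                        "world_readable": bool(mode & stat.S_IROTH),
                    })
    return findings


if __name__ == "__main__":
    # Scan the directory given on the command line (default: current dir).
    for f in audit_desktop_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        flag = "WORLD-READABLE" if f["world_readable"] else "owner-only"
        print(f"{f['path']}: {f['scheme']} password for {f['user']}@{f['host']} [{flag}]")
```

A file reported as owner-only still holds the password in plaintext; tightening the mode addresses only the exposure to other local users.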

