Processing control commands:
> retitle -1 kedpm: CVE-2017-8296: Information leak via the command history file
Bug #860817 [src:kedpm] kedpm: Information leak via the command history file
Changed Bug title to 'kedpm: CVE-2017-8296: Information leak via the command
history file' from 'ke
Control: retitle -1 kedpm: CVE-2017-8296: Information leak via the command
history file
CVE-2017-8296 has been assigned for this vulnerability.
Regards,
Salvatore
On 2017-04-27 06:24:25, Salvatore Bonaccorso wrote:
> Hi,
>
> On Wed, Apr 26, 2017 at 05:01:30PM -0400, Antoine Beaupr?? wrote:
>> Control: tags -1 +patch
>>
>> I have requested a CVE on the oss-security mailing list.
>
> Please note that requests are done now via
>
> https://cveform.mitre.org/
Hi,
On Wed, Apr 26, 2017 at 05:01:30PM -0400, Antoine Beaupr?? wrote:
> Control: tags -1 +patch
>
> I have requested a CVE on the oss-security mailing list.
Please note that requests are done now via
https://cveform.mitre.org/
Can you please fill a request via that channel?
Regards,
Processing control commands:
> tags -1 +patch
Bug #860817 [src:kedpm] kedpm: Information leak via the command history file
Added tag(s) patch.
--
860817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860817
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Control: tags -1 +patch
I have requested a CVE on the oss-security mailing list.
In the meantime, there's this patch that should apply to jessie and can
probably be backported to wheezy as well.
It simply removes the "passwd" entries from the history before it is
written to disk. It will not
Source: kedpm
Version: 1.0
Severity: grave
Tags: upstream security
Justification: user security hole
Hello,
I've discovered an information leak that can give some hints about what ppl
search and read in the password manager.
kedpm is creating a history file in ~/.kedpm/history that is written
7 matches
Mail list logo