*** This bug is a security vulnerability *** You have been subscribed to a public security bug:
Binary package hint: seahorse-plugins gedit package: 2.24.2-0ubuntu1 (intrepid-updates) seahorse-plugins package: 2.24.1-0ubuntu1 (intrepid) All texts processed by the seahorse plugin for gedit are silently sent to gedit's standard output. Consequently, when gedit is launched via a launcher or the applications menu, all texts processed by the plugin, including decrypted text, are sent to the ~/.xsession-errors log file which is by default world readable. Any other user in the system is thus able to read the decrypted text until another session is restarted and the ~/.xsession-errors file is overwritten. Moreover, the decrypted text having been written to disk, it is remotely possible to recover it with a disk analysis, depending on the circumstances, all that without the user being aware of it. ** Affects: seahorse-plugins Importance: Unknown Status: Unknown ** Affects: seahorse-plugins (Ubuntu) Importance: Medium Assignee: Ubuntu Desktop Bugs (desktop-bugs) Status: New -- Security hole in the gedit plugin https://bugs.edge.launchpad.net/bugs/307863 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is a bug assignee. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs