Public bug reported: Binary package hint: seahorse-plugins
gedit package: 2.24.2-0ubuntu1 (intrepid-updates) seahorse-plugins package: 2.24.1-0ubuntu1 (intrepid) All texts processed by the seahorse plugin for gedit are silently sent to gedit's standard output. Consequently, when gedit is launched via a launcher or the applications menu, all texts processed by the plugin, including decrypted text, are sent to the ~/.xsession-errors log file which is by default world readable. Any other user in the system is thus able to read the decrypted text until another session is restarted and the ~/.xsession-errors file is overwritten. Moreover, the decrypted text having been written to disk, it is remotely possible to recover it with a disk analysis, depending on the circumstances, all that without the user being aware of it. ** Affects: seahorse-plugins (Ubuntu) Importance: Undecided Status: New -- Security hole in the gedit plugin https://bugs.launchpad.net/bugs/307863 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs