Package: vim-tiny Version: 1:7.0-122+1etch3 Severity: normal
with the default (upstream) settings for the viminfo option, vim saves the contents of up to 50 buffers (including the unnamed buffer) in ~/.viminfo. if one user doesn't know about the .viminfo file (which is very likely), she can for example edit a file containing sensitive information, cut and paste several times, then save the file, encrypt it with gpg, remove (shred) the cleartext file, and believe her information is completely safe, while in fact it's readable to anybody having read access to ~/.viminfo, e.g. the superuser on her system, or someone who stole the usb key where she backed up her home directory. the same danger exists for other information, such as gpg and ssh private keys, but these can be proected by a passphrase (strongly recommended). best regards, -- giuseppe -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages vim-tiny depends on: ii libc6 2.3.6.ds1-13etch4 GNU C Library: Shared libraries ii libncurses5 5.5-5 Shared libraries for terminal hand ii vim-common 1:7.0-122+1etch3 Vi IMproved - Common files vim-tiny recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
