Package: glipper Version: 1.0-1.1 Severity: serious Tags: security ~/.glipper/history contains potentially sensative information (whatever has been put in the clipboard lately) and yet is world-readable:
j...@gnu:~/.glipper>ls -ld . history drwxr--r-- 3 joey joey 4096 Nov 9 20:53 ./ -rw-r--r-- 1 joey joey 2585 Nov 9 20:51 history This file absolutely needs to be mode 600. Workaround: Disable "Save history" in Preferences. (If it matters, my umask is 022.) -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.30-1-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages glipper depends on: ii gconf2 2.28.0-1 GNOME configuration database syste ii gnome-panel 2.28.0-1 launcher and docking facility for ii python 2.5.4-2 An interactive high-level object-o ii python-gnome2 2.28.0-1 Python bindings for the GNOME desk ii python-gnomeapplet 2.28.0-1 Python bindings for the GNOME pane ii python-gobject 2.20.0-1 Python bindings for the GObject li ii python-support 1.0.4 automated rebuilding support for P Versions of packages glipper recommends: ii python-crypto 2.0.1+dfsg1-4 cryptographic algorithms and proto ii yelp 2.28.0+webkit-1 Help browser for GNOME glipper suggests no packages. -- no debconf information -- see shy jo
signature.asc
Description: Digital signature
