Control: found -1 2:11.0~git20120510.82388d5-1 Control: tags -1 confirmed 2014-05-08 16:41 GMT+02:00 Adrien Grellier <pe...@adrieng.fr>: > Package: xbmc > Version: 2:13.0+dfsg1-1 > Severity: grave > Tags: security > X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org > > Hi, > > I just add a webdav source in xbmc, so it asks for a username and password. > But these informations are then stored in a plain XML file: > ~/.xbmc/userdata/sources.xml, moreover a world readable file: > > adrien ~/ $ ls -l .xbmc/userdata/sources.xml > -rw-r--r-- 1 adrien adrien 1006 mai 8 16:34 .xbmc/userdata/sources.xml > > > This file should be at least chmod 700 and the users should be informed that > the password will be stored in a unsafe manner. > > Regards, > > Adrien > > --- System information. --- > Architecture: amd64 > Kernel: Linux 3.13-1-amd64 > > Debian Release: jessie/sid > 900 testing security.debian.org > 900 testing ftp.fr.debian.org > 800 unstable ftp.fr.debian.org > 700 experimental ftp.fr.debian.org > > --- Package information. --- > Depends (Version) | Installed > ============================================-+-======================= > xbmc-bin (>= 2:13.0+dfsg1-1) | 2:13.0+dfsg1-1 > xbmc-bin (<< 2:13.0+dfsg1-1.1~) | 2:13.0+dfsg1-1 > mesa-utils | 8.1.0-2+b1 > x11-utils | 7.7+1 > fonts-dejavu-core | 2.34-1 > OR ttf-dejavu-core | 2.34-1 > fonts-roboto | 1:4.3-3 > libjs-jquery | 1.7.2+dfsg-3 > libjs-iscroll | 5.1.1+dfsg1-1 > python-imaging | 2.3.0-2 > python:any (>= 2.7.5-5~) | > > > Package's Recommends field is empty. > > Package's Suggests field is empty.
-- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
