Package: keepass2 Version: 2.28+dfsg-1 Severity: grave Tags: security Justification: user security hole
Dear Maintainer, The two options "Lock workspace when locking the computer" and "Lock workspace when the computer is about to be suspended" do not function. This makes possible reading user's secrets from memory if, for example, a laptop is stolen while suspended and the software is running. The two options are specifically designed to prevent this from happening and a user who has enabled them will expect to be protected from such an attack. I am using Gnome on Debian Jessie. -- System Information: Debian Release: 8.0 APT prefers proposed-updates APT policy: (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages keepass2 depends on: ii libmono-corlib4.5-cil 3.2.8+dfsg-10 ii libmono-system-drawing4.0-cil 3.2.8+dfsg-10 ii libmono-system-security4.0-cil 3.2.8+dfsg-10 ii libmono-system-windows-forms4.0-cil 3.2.8+dfsg-10 ii libmono-system-xml4.0-cil 3.2.8+dfsg-10 ii libmono-system4.0-cil 3.2.8+dfsg-10 ii libx11-6 2:1.6.2-3 ii mono-runtime 3.2.8+dfsg-10 Versions of packages keepass2 recommends: ii xsel 1.2.0-2 Versions of packages keepass2 suggests: ii keepass2-doc 2.28+dfsg-1 pn mono-dmcs <none> pn xdotool <none> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
