Your message dated Fri, 04 Dec 2015 04:22:20 +0000 with message-id <e1a4hsy-0006ap...@franck.debian.org> and subject line Bug#791858: fixed in keepassx 0.4.3+dfsg-1 has caused the Debian Bug report #791858, regarding keepassx: CVE-2015-8378: canceling export operation creates cleartext copy of all of the user's KeePassX password database entries to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 791858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791858 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: keepassx Version: 0.4.3+dfsg-0.1 Severity: important Tags: newcomer Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** * What led up to the situation? Klick on file/export_to/KeepassX XML-File * What exactly did you do (or not do) that was effective (or ineffective)? Test and check the functions on keepass. This will be save an invisivle .xml file in your home directory. * What was the outcome of this action? The Passwortlist is accessible in plaintext * What outcome did you expect instead? This effekt is also in my arch / manjaro-linux-package of keepassx Thanks for help Hopefully! :-) -- System Information: Debian Release: 8.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages keepassx depends on: ii libc6 2.19-18 ii libgcc1 1:4.9.2-10 ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1 ii libstdc++6 4.9.2-10 ii libx11-6 2:1.6.2-3 ii libxtst6 2:1.2.2-1+b1 keepassx recommends no packages. keepassx suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: keepassx Source-Version: 0.4.3+dfsg-1 We believe that the bug you reported is fixed in the latest version of keepassx, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 791...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated keepassx package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 03 Dec 2015 22:02:42 -0500 Source: keepassx Binary: keepassx Architecture: source amd64 Version: 0.4.3+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Reinhard Tartler <siret...@debian.org> Changed-By: Reinhard Tartler <siret...@tauware.de> Description: keepassx - Cross Platform Password Manager Closes: 698832 791858 Changes: keepassx (0.4.3+dfsg-1) unstable; urgency=medium . * Acknowledge NMU, many thanks for helping out! (Closes: #698832) * Add patch that fixes CVE-2015-8378 (Closes: #791858) Checksums-Sha1: 2cdc3bf567bb023f4917a44107f2f3cd9025fc93 1766 keepassx_0.4.3+dfsg-1.dsc 2ab50a956311997c39a02d316f59cdebd1e843d9 12540 keepassx_0.4.3+dfsg-1.debian.tar.xz a9238479248ae413baf940c526a838c67d934368 753416 keepassx_0.4.3+dfsg-1_amd64.deb Checksums-Sha256: 588f2a8b29c3ce88dae324bfc23a042f2681dcf58d5d02455139cac38a0cee6c 1766 keepassx_0.4.3+dfsg-1.dsc 3169e47096b55ddd94d90c4db202e99be09d8204d4c10e5df2d601d0e7c7666e 12540 keepassx_0.4.3+dfsg-1.debian.tar.xz cf309cd0be58a050bccc7cd6625232952497c2464af094d3191fcc393533857c 753416 keepassx_0.4.3+dfsg-1_amd64.deb Files: 62c1a28b11046a8a87228f92002b00d5 1766 utils optional keepassx_0.4.3+dfsg-1.dsc 25ea7ea492f32f1578b6c0f7dd875ef0 12540 utils optional keepassx_0.4.3+dfsg-1.debian.tar.xz 118e5b5ce1e2103727ac35b77b462b3c 753416 utils optional keepassx_0.4.3+dfsg-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQGcBAEBCAAGBQJWYQe1AAoJEIuAbIZKeKRF6AsMAJOZv4zEBmHtnraDal4/hnzX OGq4jtD1rz/iVlMeoXDarQ7nEpywkrm3ZCwZf7+oiUXqe6KgJtE42f54z3WPNCay Glets6zbPuD51VkfqkYNSuaqzIX3fS1K3Tn4I6HUZkic5aeuGPI0wuU6fK7QiJti tiEgCIWwteB1AVjfEgPyqDkNI5VU5Tq1YvBCc+P7P4WIGVOXvHQ0GACGhaen/PpR P3zkJBeuwAEXLxfPIV1TQck20NUx21zRsdzi64+xARCbOghiNxBX7iQgQJIWMPqA Ob4x0/sXtIk+FBKvDeH/TDG6RsZ/JnRBEs983DB5ndvrK/q7rXwO+TL1K+M/74T5 i2oumgdOmjFB+5bc+E2ii8bXn7xYIxSMTsfxzTycTJlLYV+WAxJW0upvZvRcYh5z NiM6OC+ry+5fznUas0couCGJNfKG7GeR9o45z4BofWGNkIEcCFQvUXU/fBJiAUih kzgWJ9nJ1qb35dXwSyEkUt4p1k9V6cc7XSdjKvs3sA== =RDa0 -----END PGP SIGNATURE-----
--- End Message ---
