Bug#791858: marked as done (keepassx: CVE-2015-8378: canceling export operation creates cleartext copy of all of the user's KeePassX password database entries)

[Debian Bug Tracking System]

Your message dated Mon, 07 Dec 2015 21:47:06 +0000
with message-id <e1a63cg-0004jt...@franck.debian.org>
and subject line Bug#791858: fixed in keepassx 0.4.3+dfsg-0.1+deb8u1
has caused the Debian Bug report #791858,
regarding keepassx: CVE-2015-8378: canceling export operation creates cleartext 
copy of all of the user's KeePassX password database entries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
791858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791858
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: keepassx
Version: 0.4.3+dfsg-0.1
Severity: important
Tags: newcomer

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
Klick on file/export_to/KeepassX XML-File
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
Test and check the functions on keepass. This will be save an invisivle .xml
file in your home directory.
   * What was the outcome of this action?
The Passwortlist is accessible in plaintext

   * What outcome did you expect instead?
This effekt is also in my arch / manjaro-linux-package of keepassx

Thanks for help Hopefully! :-)



-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages keepassx depends on:
ii  libc6       2.19-18
ii  libgcc1     1:4.9.2-10
ii  libqt4-xml  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtcore4  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtgui4   4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libstdc++6  4.9.2-10
ii  libx11-6    2:1.6.2-3
ii  libxtst6    2:1.2.2-1+b1

keepassx recommends no packages.

keepassx suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: keepassx
Source-Version: 0.4.3+dfsg-0.1+deb8u1

We believe that the bug you reported is fixed in the latest version of
keepassx, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 791...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated keepassx package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 05 Dec 2015 13:15:11 -0500
Source: keepassx
Binary: keepassx
Architecture: source amd64
Version: 0.4.3+dfsg-0.1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Reinhard Tartler <siret...@debian.org>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
 keepassx   - Cross Platform Password Manager
Closes: 791858
Changes:
 keepassx (0.4.3+dfsg-0.1+deb8u1) jessie; urgency=medium
 .
   * Add patch that fixes CVE-2015-8378 (Closes: #791858)
Checksums-Sha1:
 136e0cbda11f93c331285e51a32c3377ea6fef84 1825 
keepassx_0.4.3+dfsg-0.1+deb8u1.dsc
 0425698eec90dc967b322662e53f0c11104040cd 12532 
keepassx_0.4.3+dfsg-0.1+deb8u1.debian.tar.xz
 fdd8eeb6c4a8187fe303e5d30e0c2111c9831cf8 749354 
keepassx_0.4.3+dfsg-0.1+deb8u1_amd64.deb
Checksums-Sha256:
 b4e45bf7c0073aa8f63d836f6609ec6b1bdad8f4b5fa7e316e371491b2d2262c 1825 
keepassx_0.4.3+dfsg-0.1+deb8u1.dsc
 2ed1be589b8ed76586b87cfc0de8835e088bbd5466739a3df1784c821d17c9f5 12532 
keepassx_0.4.3+dfsg-0.1+deb8u1.debian.tar.xz
 d6037acc1b3e4b134cd2707ab7fec85c24b01f68b0655e06f9fc9907a887447b 749354 
keepassx_0.4.3+dfsg-0.1+deb8u1_amd64.deb
Files:
 4efaf78ea4223104b79559878ee19779 1825 utils optional 
keepassx_0.4.3+dfsg-0.1+deb8u1.dsc
 0f6e9240fcef9b7ec478e7b979f695fd 12532 utils optional 
keepassx_0.4.3+dfsg-0.1+deb8u1.debian.tar.xz
 dbb363054bf18cdbc0439a3c07c6e204 749354 utils optional 
keepassx_0.4.3+dfsg-0.1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Debian Powered!

iQGcBAEBAgAGBQJWZNFnAAoJEIuAbIZKeKRFAswMALBoW4g2rH3eJYD6MYkZPuH+
5f1SxOjwVOqHFapWDLb1XtmiegyrzAaqOZtJsmCq8vDqPyydoK04ylfej1ffalCp
NMECG2cYjCGAE4QGB5AD+Jz/TefK+hHaTpgts903FPq8G/+zIsJRp4N1A1HkS+a0
wcPuB6gIL9/iMshRLn4h+TckjmB13ouC55CX7Ifw2zdfMlaDtg/i1KprR2IhDnwT
VyHPpHVFv+4NmzjL0K72lChzknTIKPxVmbpyOlA93l18qIBss739BWbch8O77wRi
fpxTYwj53lZQKVXDuBJdaN+zfFAMvZU8XdqbqyWrYjMzrx0GqRaLU8r7WijaVIAs
Z/S20CHxDQZySaSpHqpR6v/MSv+T0S94L3Gv2542A5b6GuXu8Hh1Mo5SFAcJpRAb
cdZNcqq4JNilbXYEzAUNSztD2xlb6aDne5LAsAy2oYyhptisCsgAvI2BJyiSOwT2
UJoox35See2YM95pqFKiF3iZNouKa1a25W30FsWktQ==
=va1u
-----END PGP SIGNATURE-----

--- End Message ---