Your message dated Mon, 11 Jan 2016 11:52:23 +0000
with message-id <e1aib1l-0001vr...@franck.debian.org>
and subject line Bug#791858: fixed in keepassx 2.0-1
has caused the Debian Bug report #791858,
regarding keepassx: CVE-2015-8378: canceling export operation creates cleartext
copy of all of the user's KeePassX password database entries
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
791858: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791858
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: keepassx
Version: 0.4.3+dfsg-0.1
Severity: important
Tags: newcomer
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
Klick on file/export_to/KeepassX XML-File
* What exactly did you do (or not do) that was effective (or
ineffective)?
Test and check the functions on keepass. This will be save an invisivle .xml
file in your home directory.
* What was the outcome of this action?
The Passwortlist is accessible in plaintext
* What outcome did you expect instead?
This effekt is also in my arch / manjaro-linux-package of keepassx
Thanks for help Hopefully! :-)
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages keepassx depends on:
ii libc6 2.19-18
ii libgcc1 1:4.9.2-10
ii libqt4-xml 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqtcore4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libqtgui4 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii libstdc++6 4.9.2-10
ii libx11-6 2:1.6.2-3
ii libxtst6 2:1.2.2-1+b1
keepassx recommends no packages.
keepassx suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: keepassx
Source-Version: 2.0-1
We believe that the bug you reported is fixed in the latest version of
keepassx, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 791...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Reinhard Tartler <siret...@tauware.de> (supplier of updated keepassx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 09 Jan 2016 19:24:30 -0500
Source: keepassx
Binary: keepassx
Architecture: source
Version: 2.0-1
Distribution: unstable
Urgency: medium
Maintainer: Reinhard Tartler <siret...@tauware.de>
Changed-By: Reinhard Tartler <siret...@tauware.de>
Description:
keepassx - Cross Platform Password Manager
Closes: 645499 685533 707634 714357 763083 791858
Changes:
keepassx (2.0-1) unstable; urgency=medium
.
* New upstream release. (Closes: #707634)
- Completely rewritten compared to 0.x series
(closes: #707634, #685533, #714357, #763083, #791858)
- pronouncable password generator has been dropped (closes: #645499)
Checksums-Sha1:
953e73dfcfc250492c562a0dde3b25557011b17c 1720 keepassx_2.0-1.dsc
e5dc2e55c9ec22a769abac177f2c3b6dfb0a315c 1524638 keepassx_2.0.orig.tar.gz
166c4f8a63562681d83aa3c55eaf2fc5627a8ba8 9628 keepassx_2.0-1.debian.tar.xz
Checksums-Sha256:
195ff6867a3726e07dc0aba24c018dd9e3e366419e8bca7c1ff6d47ba27d7fc9 1720
keepassx_2.0-1.dsc
0eb40fac3a44d8283dfc1ee28cc6de5c660b22ab975472de82c2b04675c822e6 1524638
keepassx_2.0.orig.tar.gz
a6661cccfd97f7cf5754d3c2f1316aa63195d8aae4b3201ef362df6c11030252 9628
keepassx_2.0-1.debian.tar.xz
Files:
44048d763ec6bb6a88939b824be7982a 1720 utils optional keepassx_2.0-1.dsc
ded7db880d07cd1e5f7bd5bf3cc8c0f4 1524638 utils optional
keepassx_2.0.orig.tar.gz
868904eb1622c1c4c25e9f9ce4921cfc 9628 utils optional
keepassx_2.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQGcBAEBCAAGBQJWk5PlAAoJEIuAbIZKeKRFNFsMALOJb47mpbA+0WFtsiVlx2D/
Co8587I8k4d+kIfQjil7mPQTG33NCRQMv75LHaNDkv1sVCLxXOJyRRImHl68kDpU
BtC02LT6L9GOSIQf6DCpXQiSAss80GxJGFPh3Fumd6OWmYq/HEhkWM/E8yWXxBEp
tE8EqpaBIdan6/6kDCaBI0tu64rqwkhU7V9fYfEEPKkC0RtcMrnvrVOtXTFtK5tT
aeyKtyn15RB2r5QV9ibH+lgkt4Gw5WmHz8+a6KmnEc8CiljWZvg+vYryDiAenG3C
QfneD1AC3PULF9FUI/nP+T9G4LoFQ34+Ji3trANUUwVhYbUr6zqajUlNswX9pBu+
2RQQ72xfBSZ9NY6/zE6GYMU+XOBSK7IEhfQcXu4c8w2EX4K+bEQKYd4W2dhN188h
ODwKLXZTtILxaGJsHSV1dqfR4zyTo9IpgMJwQNrPwYqUOjiIEUIW61+F8JuqJ/0e
mDNew7+99/TX4+l/hCHWjs5fUwTxHiclds36CtxRNQ==
=zHcd
-----END PGP SIGNATURE-----
--- End Message ---
