[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-13 Thread Launchpad Bug Tracker
This bug was fixed in the package pithos - 0.3.8-1

---
pithos (0.3.8-1) unstable; urgency=high

* New upstream bugfix release.
* SECURITY UPDATE: Pandora password leak to local users. (LP: #733307)
  - pithos/PreferencesPithosDialog.py: correct mode on pithos.ini on next ru

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-13 Thread Luke Faraone
** Changed in: pithos (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/733307 Title: password stored in plaintext in $HOME/.config/pithos.ini -- u

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-12 Thread Reed Loden
Why even offer the 'unsafe_permissions' option at all? Do you actually know of a specific case where a user would need different permissions on the file? Seems like it would be unwise to add configuration options "just because".

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-12 Thread Kevin Mehall
** Changed in: pithos Status: Fix Committed => Fix Released

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-12 Thread Kevin Mehall
** Changed in: pithos Status: Triaged => Fix Committed ** Changed in: pithos Assignee: (unassigned) => Luke Faraone (lfaraone)

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-11 Thread Luke Faraone
** Branch linked: lp:~lfaraone/pithos/password-permissions-fix

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-08 Thread Reed Loden
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1500

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-08 Thread Luke Faraone
Not as far as we're aware; the main login method used by the Pandora web client sends the password symmetrically encrypted. We'll look into possibly logging in via SSL and transferring from an HTTP cookie to a LSO, but the protocol's use of blowfish means that the authentication token (be it passw

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-08 Thread Reed Loden
Is it not possible to send the login information over SSL?

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-08 Thread Luke Faraone
** Changed in: pithos (Ubuntu) Status: New => In Progress ** Changed in: pithos (Ubuntu) Assignee: (unassigned) => Luke Faraone (lfaraone)

[Bug 733307] Re: password stored in plaintext in $HOME/.config/pithos.ini

2011-04-08 Thread Luke Faraone
** Visibility changed to: Public ** Description changed: - should be stored in md5sum. + The configuration file which stores authentication for Pandora is world + readable. This allows other local users to read a user's authentication + credentials.