[Secure-testing-team] Re: Bug#319016: Information leak through
insufficient permissions on backup files in kate (CAN-2005-1920)
Adeodato Simó
asp16 at alu.ua.es
Sat Jul 23 17:13:08 UTC 2005
* Moritz Muehlenhoff [Tue, 19 Jul 2005 11:13:44 +0200]:
> Package: kate
> Severity: important
> Tags: security
> Kate creates backup files with default permissions, which may cause
> sensitive information to be visible to other users on the system.
> Please see http://www.kde.org/info/security/advisory-20050718-1.txt
> for full details.
> stable, testing and sid are affected, oldstable is not.
> It's been fixed in the 3.4.1 packages in experimental.
I've marked this bug as closed as of 4:3.4.1-1 (currently in
experimental, as you say). For sid, we plan no other action for fixing
than wait till all the necessary libraries have made their C++ ABI
transition (Qt, aRts, kdelibs4) and then upload KDE 3.4.1 to unstable
as planned.
As for testing, I don't know if the testing-security distribution is
meant to be operating so early in the release cycle, but if it is,
this could be a great opportunity to check if it really works, given
that getting the fix through unstable will mean a significant delay.
Not that the vulnerability is critical, though.
Cheers,
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Testing can show the presence of bugs, but not their absence.
-- Dijkstra
More information about the Secure-testing-team
mailing list