[Secure-testing-team] Bug#534731: stardict broadcasts clipboard context over network

Pavel Machek pavel at ucw.cz
Fri Jun 26 18:24:26 UTC 2009


Package: stardict
Version: 3.0.1-4.1
Severity: grave
Tags: security
Justification: user security hole


In default config "enable net dict" is selected, it attempts to grab
clipboard and sends it over network... Unfortunately, not nearly all
data in clipboard are meant for translation, and some may be pretty
sensitive.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages stardict depends on:
ii  stardict-gnome                3.0.1-4.1  International dictionary for GNOME

stardict recommends no packages.

stardict suggests no packages.

-- no debconf information





More information about the Secure-testing-team mailing list