[Secure-testing-team] Bug#785305: keepass2: option to lock workspace on suspend does not work
Todor Tsankov
tt.debian at mail.ru
Thu May 14 14:04:25 UTC 2015
Package: keepass2
Version: 2.28+dfsg-1
Severity: grave
Tags: security
Justification: user security hole
Dear Maintainer,
The two options "Lock workspace when locking the computer"
and "Lock workspace when the computer is about to be suspended"
do not function. This makes it possible to read a user's secrets
from memory if, for example, a laptop is stolen while suspended
and the software is running. The two options are specifically
designed to prevent this from happening and a user who has
enabled them will expect to be protected from such an attack.
I am using Gnome on Debian Jessie.
-- System Information:
Debian Release: 8.0
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages keepass2 depends on:
ii libmono-corlib4.5-cil 3.2.8+dfsg-10
ii libmono-system-drawing4.0-cil 3.2.8+dfsg-10
ii libmono-system-security4.0-cil 3.2.8+dfsg-10
ii libmono-system-windows-forms4.0-cil 3.2.8+dfsg-10
ii libmono-system-xml4.0-cil 3.2.8+dfsg-10
ii libmono-system4.0-cil 3.2.8+dfsg-10
ii libx11-6 2:1.6.2-3
ii mono-runtime 3.2.8+dfsg-10
Versions of packages keepass2 recommends:
ii xsel 1.2.0-2
Versions of packages keepass2 suggests:
ii keepass2-doc 2.28+dfsg-1
pn mono-dmcs <none>
pn xdotool <none>
-- no debconf information