thr3ads.net - Secure testing team - [Secure-testing-team] Re: Bug#319016: Information leak through insufficient permissions on backup files in kate (CAN-2005-1920) [Mar 2006]

If this information is useful, please help other people find it:
Share via:

Adeodato Simó

2006-Mar-13 12:28 UTC

[Secure-testing-team] Re: Bug#319016: Information leak through insufficient permissions on backup files in kate (CAN-2005-1920)

* Moritz Muehlenhoff [Tue, 19 Jul 2005 11:13:44 +0200]:
> Package: kate
> Severity: important
> Tags: security
> Kate creates backup files with default permissions, which may cause
> sensitive information to be visible to other users on the system.
> Please see http://www.kde.org/info/security/advisory-20050718-1.txt
> for full details.
> stable, testing and sid are affected, oldstable is not.
> It''s been fixed in the 3.4.1 packages in experimental.
  I''ve marked this bug as closed as of 4:3.4.1-1 (currently in
  experimental, as you say). For sid, we plan no other action for fixing
  than wait till all the necessary libraries have made their C++ ABI
  transition (Qt, aRts, kdelibs4) and then upload KDE 3.4.1 to unstable
  as planned.

  As for testing, I don''t know if the testing-security distribution is
  meant to be operating so early in the release cycle, but if it is,
  this could be a great opportunity to check if it really works, given
  that getting the fix through unstable will mean a significant delay.
  Not that the vulnerability is critical, though.

  Cheers,

-- 
Adeodato Sim?
    EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
 
Testing can show the presence of bugs, but not their absence.
                -- Dijkstra

Secure testing team - Mar 2006 - Re: Bug#319016: Information leak through insufficient permissions on backup files in kate (CAN-2005-1920)

[Secure-testing-team] Re: Bug#319016: Information leak through insufficient permissions on backup files in kate (CAN-2005-1920)