Package: gossip Version: 0.10.1-1 Severity: grave Tags: security Justification: user security hole
In Gossip version 0.10, the passwords are stored in clear text in ~/.gnome2/Gossip/accounts.xml, which is a world-readable file. Passwords should at least be stored in gnome2-private, or in a file with restricted rights, or using some encryption, or any combination of these. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (900, 'testing'), (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-686 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Versions of packages gossip depends on: ii gconf2 2.12.1-9 GNOME configuration database syste ii libc6 2.3.5-13 GNU C Library: Shared libraries an ii libgconf2-4 2.12.1-9 GNOME configuration database syste ii libglade2-0 1:2.5.1-2 library to load .glade files at ru ii libglib2.0-0 2.8.6-1 The GLib library of C routines ii libgnome2-0 2.12.0.1-5 The GNOME 2 library - runtime file ii libgnomeui-0 2.12.1-1 The GNOME 2 libraries (User Interf ii libgnomevfs2-0 2.12.2-5 GNOME virtual file-system (runtime ii libgtk2.0-0 2.8.12-1 The GTK+ graphical user interface ii libloudmouth1-0 1.0.1-4 Lightweight C Jabber library ii libpango1.0-0 1.10.3-1 Layout and rendering of internatio ii libpopt0 1.7-5 lib for parsing cmdline parameters ii libx11-6 6.9.0.dfsg.1-4 X Window System protocol client li ii libxml2 2.6.23.dfsg.2-2 GNOME XML library ii libxslt1.1 1.1.15-4 XSLT processing library - runtime ii libxss1 6.9.0.dfsg.1-4 X Screen Saver client-side library gossip recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
