Your message dated Thu, 16 Jun 2022 13:13:03 +0200
with message-id <4719092.GXAFRqVoOG@bagend>
and subject line Re: bug 806500 is forwarded to 
https://bugs.quassel-irc.org/issues/1505
has caused the Debian Bug report #806500,
regarding quassel-client: Client configuration is world readable and contains 
password in plain text
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
806500: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: quassel-client
Version: 1:0.12.2-2
Severity: grave
Tags: security
Justification: user security hole

As I was trying to set up CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
-rw-r--r-- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf

Looking into that file I could easily see my password and that combined
with the security settings of that file did not make me happy.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages quassel-client depends on:
ii  dbus-x11              1.10.4-1
ii  gawk                  1:4.1.1+dfsg-1
ii  libc6                 2.19-22
ii  libdbusmenu-qt5-2     0.9.3+15.10.20150604-1
ii  libkf5configwidgets5  5.15.0-1
ii  libkf5coreaddons5     5.15.0-1
ii  libkf5notifications5  5.15.0-1
ii  libkf5notifyconfig5   5.15.0-1
ii  libkf5sonnetui5       5.15.0-1
ii  libkf5textwidgets5    5.15.0-1
ii  libkf5widgetsaddons5  5.15.0-1
ii  libkf5xmlgui5         5.15.0-1
ii  libphonon4qt5-4       4:4.8.3-2
ii  libqt5core5a          5.5.1+dfsg-8
ii  libqt5dbus5           5.5.1+dfsg-8
ii  libqt5gui5            5.5.1+dfsg-8
ii  libqt5network5        5.5.1+dfsg-8
ii  libqt5webkit5         5.5.1+dfsg-2
ii  libqt5widgets5        5.5.1+dfsg-8
ii  libstdc++6            5.2.1-26
ii  phonon4qt5            4:4.8.3-2
ii  quassel-data          1:0.12.2-2
ii  zlib1g                1:1.2.8.dfsg-2+b1

quassel-client recommends no packages.

quassel-client suggests no packages.

-- no debconf information

--- End Message ---
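
The check below is an added example, not part of the bug report and not Quassel or Debian code: it lists config files that group or other users can read (the `-rw-r--r--` mode shown in the report) and then restricts the directory tree to its owner. The function names are hypothetical and the demo runs only on a constructed temporary directory.

```shell
#!/bin/sh
# Added example (not Quassel or Debian code): find config files that other
# local users can read, then restrict the directory tree to its owner.

# Print regular files under DIR that are readable by group or by others.
list_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Number of exposed files under DIR.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Remove every group/other permission bit from DIR and everything below it.
# A 0700 directory keeps other users out even if the client later rewrites
# a file inside it with a 0644 mode.
lock_down() {
    chmod -R go-rwx "$1"
}

# Demo on a constructed directory that mimics the mode shown in the report.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/quassel-irc.org"
    printf 'constructed sample, not a real config\n' \
        > "$d/quassel-irc.org/quasselclient.conf"
    chmod 755 "$d" "$d/quassel-irc.org"
    chmod 644 "$d/quassel-irc.org/quasselclient.conf"
    echo "exposed before: $(count_exposed "$d")"
    lock_down "$d"
    echo "exposed after:  $(count_exposed "$d")"
    rm -rf "$d"
}

demo
```

To audit the directory named in the report, call `list_exposed ~/.config/quassel-irc.org`. Tightening the mode only stops other local accounts from reading the file; the password inside is still stored in plain text.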
--- Begin Message ---
Version: 1:0.13.0-1

On Tuesday, 14 September 2021 02:03:58 CEST Diederik de Haas wrote:
> Control: tag -1 upstream fixed-upstream
> 
> On 11 Dec 2018 11:08:15 -0500 Scott Kitterman <[email protected]> wrote:
> > forwarded 806500 https://bugs.quassel-irc.org/issues/1505
> 
> According to that upstream bug, the issue has been fixed. I did take a look
> at https://github.com/quassel/quassel/commits/master but there wasn't a
> specific commit (message) that jumped out at me for being the fix.

Found it and it was part of upstream's 0.13-rc1 tag and Debian's 1:0.13.0-1:
https://github.com/quassel/quassel/commit/27df512ce272d88cf85b854f6bfb3f1c7ba4a65c

So closing it with that version.



--- End Message ---
_______________________________________________
pkg-kde-extras mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
