Package: qtnx
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.7) - use
Package: qtnx
Version: 0.9-3
Severity: grave
Tags: security
Justification: user security hole
Hi.
It seems that qtnx stores any non-custom ssh keys world-readable:
$ ls -al ~/.qtnx/
total 12
drwxr-xr-x 2 user user 4096 Aug 11 15:01 .
drwx-- 51 user user 4096 Aug 11 15:01 ..
-rw-r--r-- 1 us
2 matches
Mail list logo
