[SRU] CVE-2013-1853: Almanah doesn't encrypt the database
Bug #1155000 reported by
Angel Abad
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
almanah |
Fix Released
|
Critical
|
|||
0.10 |
Fix Released
|
Critical
|
|||
0.9 |
Fix Released
|
Critical
|
|||
almanah (Debian) |
Fix Released
|
Unknown
|
|||
almanah (Ubuntu) |
Fix Released
|
High
|
Angel Abad | ||
Quantal |
Fix Released
|
High
|
Angel Abad | ||
Raring |
Fix Released
|
High
|
Angel Abad |
Bug Description
GApplication doesn't use "quit_mainloop" event since GIO 2.32[1], so Almanah
doesn't encrypt the database[2] when the user close the application.
This a security problem for users.
[Test Case]
Open almanah, configure encryption, save some entries, and see file ~/.local/
[Regression Potential]
I think there is no option for regression, this patch is from upstream and specific for this problem.
Regards,
Related branches
CVE References
Changed in almanah (Ubuntu): | |
importance: | Undecided → High |
assignee: | nobody → Angel Abad (angelabad) |
Changed in almanah (Ubuntu Quantal): | |
importance: | Undecided → High |
assignee: | nobody → Angel Abad (angelabad) |
Changed in almanah (Ubuntu Raring): | |
status: | New → In Progress |
Changed in almanah (Ubuntu Quantal): | |
status: | New → In Progress |
Changed in almanah (Debian): | |
status: | Unknown → Fix Released |
summary: |
- [SRU] Almanah doesn't encrypt the database + [SRU] CVE-2013-1853: Almanah doesn't encrypt the database |
Changed in almanah (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
status: | Fix Committed → In Progress |
Changed in almanah (Ubuntu Quantal): | |
status: | In Progress → Fix Committed |
To post a comment you must log in.
This bug was fixed in the package almanah - 0.10.1-1
---------------
almanah (0.10.1-1) experimental; urgency=high
* Imported Upstream version 0.10.1 (Closes: #702905)
-- Angel Abad <email address hidden> Tue, 12 Mar 2013 21:21:29 +0100