shutter lists private files in log
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Shutter |
Fix Released
|
Undecided
|
Michael Kogan |
Bug Description
Below files are not of type png and message for each is put in log file
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
lis 24 17:18:02 xps13 shutter.
From security perspective even if this is just filename such debug be default should be disabled unless user will get awareness about that.
Example data leak scenario would be if shutter files are saved in mount point encrypted on demand
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: shutter 0.94-1
ProcVersionSign
Uname: Linux 4.15.0-124-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.20
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Wed Nov 25 00:06:22 2020
InstallationDate: Installed on 2015-05-08 (2027 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
PackageArchitec
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=pl_PL.UTF-8
SHELL=/bin/bash
SourcePackage: shutter
UpgradeStatus: Upgraded to bionic on 2018-08-26 (821 days ago)
information type: | Private Security → Public Security |
Hello Bartłomiej, can we set this bug report public so others may see it? I'm not sure if your filenames are things you'd like to keep private or not.
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https:/ /wiki.ubuntu. com/SecurityTea m/UpdateProcedu res
Thanks