[Pkg-kde-extras] Bug#806500: quassel-client: Client configuration is world readable and contains password in plain text

Diederik de Haas didi.debian at cknow.org
Sat Nov 28 02:14:16 UTC 2015


Package: quassel-client
Version: 1:0.12.2-2
Severity: grave
Tags: security
Justification: user security hole

As I was trying to set up CertFP I had a look at
~/.config/quassel-irc.org and noticed the following:
-rw-r--r-- 1 diederik diederik 8101 nov 28 03:01 quasselclient.conf

Looking into that file I could easily see my password and that combined
with the security settings of that file did not make me happy.


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages quassel-client depends on:
ii  dbus-x11              1.10.4-1
ii  gawk                  1:4.1.1+dfsg-1
ii  libc6                 2.19-22
ii  libdbusmenu-qt5-2     0.9.3+15.10.20150604-1
ii  libkf5configwidgets5  5.15.0-1
ii  libkf5coreaddons5     5.15.0-1
ii  libkf5notifications5  5.15.0-1
ii  libkf5notifyconfig5   5.15.0-1
ii  libkf5sonnetui5       5.15.0-1
ii  libkf5textwidgets5    5.15.0-1
ii  libkf5widgetsaddons5  5.15.0-1
ii  libkf5xmlgui5         5.15.0-1
ii  libphonon4qt5-4       4:4.8.3-2
ii  libqt5core5a          5.5.1+dfsg-8
ii  libqt5dbus5           5.5.1+dfsg-8
ii  libqt5gui5            5.5.1+dfsg-8
ii  libqt5network5        5.5.1+dfsg-8
ii  libqt5webkit5         5.5.1+dfsg-2
ii  libqt5widgets5        5.5.1+dfsg-8
ii  libstdc++6            5.2.1-26
ii  phonon4qt5            4:4.8.3-2
ii  quassel-data          1:0.12.2-2
ii  zlib1g                1:1.2.8.dfsg-2+b1

quassel-client recommends no packages.

quassel-client suggests no packages.

-- no debconf information
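
Added example, not part of the original report and not Quassel's own code: a shell check that lists files under a configuration directory that group or others can read, as with the -rw-r--r-- quasselclient.conf shown in the report, and removes that access. The function names and the audit/fix arguments are hypothetical; the default directory is the path quoted in the report.

```shell
#!/bin/sh
# Added example: audit a per-user config directory for files that are
# readable by group or others, and optionally tighten them.
# Default directory is the path quoted in the bug report.
CONF_DIR_DEFAULT="${HOME:-}/.config/quassel-irc.org"

# Print every regular file under $1 whose mode grants read to group or others
# (for example 0644, the mode shown in the report).
list_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Print the number of exposed files under $1.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Remove all group/other permissions from exposed files under $1,
# printing each file that is changed. Owner permissions are untouched.
tighten_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) \
        -print -exec chmod go-rwx {} +
}

# Hypothetical command-line use:
#   sh check_conf_perms.sh audit [DIR]
#   sh check_conf_perms.sh fix   [DIR]
case "${1:-}" in
    audit) list_exposed "${2:-$CONF_DIR_DEFAULT}" ;;
    fix)   tighten_exposed "${2:-$CONF_DIR_DEFAULT}" ;;
esac
```

Restricting the mode only limits which local users can read the file; the password inside it is still stored in plain text.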