Re: [Tails-dev] KeePassX Security Update

This message is part of the following thread:
Mthe complete thread tree sorted by date
MMichael English at <-
Mintrigeri at ->
Delete this message

Reply to this message
Author: Michael English
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] KeePassX Security Update
I just noticed that I made a mistake. KeePassX has been fixed in Debian
testing except it has not been fixed in Debian stable.

The fix for CVE-2015-8378 is also available as a patch:
https://www.keepassx.org/releases/0.4.4/CVE-2015-8378.patch

Michael English:
> KeePassX has been updated to version 0.4.4 although it has not been
> included in Debian yet. https://www.keepassx.org/news/2015/12/551
>
> CVE-2015-8378: Canceling XML export function creates export as “.xml” file
>
> When canceling the “Export to > KeePassX XML file” function the
> cleartext passwords were still exported.
>
> In this case the password database was exported as the file “.xml” in
> the current working directory (often $HOME or the directory of the
> database).
>
> Originally reported as Debian bug #791858
> https://bugs.debian.org/791858
>
> Someone should get it included in the Debian repositories so that it can
> be installed in the next version of Tails.
>
> Cheers,
> Michael English
>

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[Tails-ux] Call for testing new tools and instructions to get started with TailsRe: [Tails-dev] Windows 10 theme for Tails/Jessie->
lists.autistici.org administrated by postmasterLurker (version 2.3)