[Tails-dev] KeePassX Security Update

Delete this message

Reply to this message
Author: Michael English
Date:  
To: The Tails public development discussion list
Subject: [Tails-dev] KeePassX Security Update
KeePassX has been updated to version 0.4.4 although it has not been
included in Debian yet. https://www.keepassx.org/news/2015/12/551

CVE-2015-8378: Canceling XML export function creates export as “.xml” file

When canceling the “Export to > KeePassX XML file” function the
cleartext passwords were still exported.

In this case the password database was exported as the file “.xml” in
the current working directory (often $HOME or the directory of the
database).

Originally reported as Debian bug #791858
https://bugs.debian.org/791858

Someone should get it included in the Debian repositories so that it can
be installed in the next version of Tails.

Cheers,
Michael English