Re: [Tails-dev] KeePassX Security Update

Delete this message

Reply to this message
Author: Michael English
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] KeePassX Security Update
I just noticed that I made a mistake. KeePassX has been fixed in Debian
testing except it has not been fixed in Debian stable.

The fix for CVE-2015-8378 is also available as a patch:
https://www.keepassx.org/releases/0.4.4/CVE-2015-8378.patch

Michael English:
> KeePassX has been updated to version 0.4.4 although it has not been
> included in Debian yet. https://www.keepassx.org/news/2015/12/551
>
> CVE-2015-8378: Canceling XML export function creates export as “.xml” file
>
> When canceling the “Export to > KeePassX XML file” function the
> cleartext passwords were still exported.
>
> In this case the password database was exported as the file “.xml” in
> the current working directory (often $HOME or the directory of the
> database).
>
> Originally reported as Debian bug #791858
> https://bugs.debian.org/791858
>
> Someone should get it included in the Debian repositories so that it can
> be installed in the next version of Tails.
>
> Cheers,
> Michael English
>