AOH :: HP Unsorted E :: BT-21234.HTM

evil little dictionary



evil little dictionary
evil little dictionary



Subject: stardict broadcasts clipboard context over network
Package: stardict
Version: 3.0.1-4.1
Justification: user security hole
Severity: grave
Tags: security

*** Please type your report below this line ***

In default config "enable net dict" is selected, it attempts to grab
clipboard and sends it over network... Unfortunately, not nearly all
data in clipboard are meant for translation, and some may be pretty
sensitive.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.30 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)
Shell: /bin/sh linked to /bin/bash

Versions of packages stardict depends on:
ii  stardict-gnome                3.0.1-4.1  International dictionary
for GNOME

stardict recommends no packages.

stardict suggests no packages.

-- no debconf information

-- 
(english) http://www.livejournal.com/~pavelmachek 
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.