Candidate: CVE-2015-8378
PublicDate: 2017-04-10 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8378
 http://www.openwall.com/lists/oss-security/2015/11/30/4
Description:
 In KeePassX before 0.4.4, a cleartext copy of password data is created upon
 a cancel of an XML export action. This allows context-dependent attackers
 to obtain sensitive information by reading the .xml dotfile.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791858
 https://bugs.launchpad.net/ubuntu/+source/keepassx/+bug/1531108
Priority: medium
Discovered-by:
Assigned-to: tyhicks
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_keepassx:
 upstream: https://anonscm.debian.org/cgit/collab-maint/keepassx.git/commit/?id=b3c9028db8ec3b8752ff47717ffc792d755c1294
upstream_keepassx: released (0.4.3+dfsg-1)
precise_keepassx: released (0.4.3-1ubuntu2.1)
trusty_keepassx: released (0.4.3+dfsg-0.1ubuntu1.14.04.1)
trusty/esm_keepassx: DNE (trusty was released [0.4.3+dfsg-0.1ubuntu1.14.04.1])
vivid_keepassx: released (0.4.3+dfsg-0.1ubuntu1.15.04.1)
wily_keepassx: released (0.4.3+dfsg-0.1ubuntu1.15.10.1)
devel_keepassx: released (0.4.3+dfsg-0.1ubuntu2)