ArchLinux: 201512-8: keepassx: information disclosure
Summary
It was found that the XML export function creates a hidden XML file
containing user passwords in plaintext, without warning, when the export
is canceled, which may go unnoticed by the user.
In this case the password database was exported as the file ".xml" in
the current working directory (often $HOME or the directory of the
database) and is world readable.
Resolution
Upgrade to 0.4.4-1.
# pacman -Syu "keepassx>=0.4.4-1"
The problem has been fixed upstream in version 0.4.4.
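A check for files already left behind by a cancelled export, as an added example that is not part of the original advisory or of KeePassX: it looks for regular files named exactly ".xml" under the directories given and reports whether each is world readable. The function name and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the advisory: find leftover ".xml" files of the
# kind described in the Summary and report their exposure.
#
# find_leftover_exports DIR...
#   Prints one line per regular file named exactly ".xml":
#     WORLD-READABLE <path>   the "other" read bit is set
#     restricted <path>       the "other" read bit is not set
find_leftover_exports() {
    for dir in "$@"; do
        # Skip arguments that are not directories (e.g. a missing $HOME).
        [ -d "$dir" ] || continue

        # -name .xml matches only the empty-stem file name, not "foo.xml".
        # -perm -004 is true when the file mode grants read to "other".
        find "$dir" -xdev -type f -name .xml -perm -004 -print 2>/dev/null |
            sed 's/^/WORLD-READABLE /'
        find "$dir" -xdev -type f -name .xml ! -perm -004 -print 2>/dev/null |
            sed 's/^/restricted /'
    done
}

# When run as a script, scan the directories given on the command line,
# for example: sh find-leftover-exports.sh "$HOME" /path/to/database/dir
if [ "$#" -gt 0 ]; then
    find_leftover_exports "$@"
fi
```

Upgrading the package does not remove a file written by an earlier cancelled export, so any hit should be inspected and, if it is an unwanted export, deleted.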
References
https://access.redhat.com/security/cve/CVE-2015-8378
https://www.keepassx.org/news/2015/12/551/
Workaround
None.