Kile: Incorrect backup file permission — GLSA 200611-21

Kile uses default permissions for backup files, potentially leading to information disclosure.

Affected packages

app-editors/kile on all architectures
Affected versions < 1.9.2-r1
Unaffected versions >= 1.9.2-r1

Background

Kile is a TeX/LaTeX editor for KDE.

Description

Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920.

Impact

A kile user may inadvertently grant access to sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Kile users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/kile-1.9.2-r1"

References

Release date
November 27, 2006

Latest revision
November 27, 2006: 01

Severity
low

Exploitable
local

Bugzilla entries