CVE-2012-6655: An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
CVE-2012-6655: An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
vcswatch reports that
this package has been uploaded into the archive but the debian/changelog in the
VCS is still UNRELEASED. You should consider pushing the missing commits
or updating the VCS.
CVE-2012-6655: An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
CVE-2018-14036: Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
CVE-2012-6655: An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords.
Please fix it.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.5.0 instead of
4.4.1).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/a/accountsservice.png){kind=link}