It was reported [1] that Almanah does not encrypt its database when it closes, due to GApplication no longer using the quit_main_loop() event since GIO 2.32. This will keep the database unencrypted when it should be encrypted. The upstream bug report has a patch attached which corrects the issue. [1] https://bugzilla.gnome.org/show_bug.cgi?id=695117
Created almanah tracking bugs for this issue Affects: fedora-all [bug 920852]
The CVE identifier of CVE-2013-1853 has been assigned to this issue: [2] http://www.openwall.com/lists/oss-security/2013/03/13/1
This is fixed in upstream 0.10.1 version, as per the NEWS file: https://git.gnome.org/browse/almanah/tree/NEWS Current Fedora 18+ are using this version.