http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3816 http://krusader.sourceforge.net/phpBB/viewtopic.php?p=7965 Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. FE[345] and devel affected.
Thanks for bug report. Bug is fixed in 1.70.1-1. Sorry for such delay in case of security bug, but I was on holiday.
Did you remember to push FC-5 and devel builds too? FC-3 and FC-4 are at 1.70.1 but FC-5 and devel still at 1.70.0.
Yes I did, but I didn't noticed that result files from ppc builder couldn't be downloaded. I've requeued that two packages and this time everything went fine. Thanks for pointing out.