Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 08 Aug 2012 23:19:22 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>
Subject: Re: CVE Request: gnome-keyring: improper caching of
 gpg password/passphrase

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/08/2012 11:10 PM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> gnome-keyring does not obey the configuration asking it to stop
> caching passphrases after a while.
> 
> More details and patches available at the following references:
> 
> https://bugzilla.gnome.org/show_bug.cgi?id=681081 
> https://bugzilla.redhat.com/show_bug.cgi?id=845426
> 
> Upstream bug suggests that this is a regression from 3.3.x. But it
> seems some older versions may also be affected.
> 
> Can a CVE id be please assigned to this issue?
> 
> Thanks!

Please use CVE-2012-3466 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQI0haAAoJEBYNRVNeJnmT4SwQALVKkEje7tgKBOTNE8L0IDmW
WN4LR4I25PGpd9qs8IirMtcXDre1daayQkJP1r3modVQ6jLq0UHcc+gV5Pv6/Wkh
N3/DWT7L3gCXHjzkeDQJAsiV2UeJTGRz39wsWRyQGwMdZdNp/50B6FWo6YfP2C8Z
+iWdRkgDvQxlUmSq1NqfQtuWU0X8aZxUZUxzEKfA6N5q7idQPkVocy6FeuxN2MGh
IYJ426Ov7J42hvbBUONphFu4syq1to54uFyeVngcOy0pvKgV6h5BWsOPuXuu4b9T
par36GNavCfCAIVBADSJwTWghHdauPKKnuNQFqwLmWU1cw19QATv1q6+sxLSLWT1
7HT0rL/tUIsKgI70K1VC11yTXvcoKzNTe1lsaMoKw9Dyl/wEO8dKEKflGL+GpqOQ
a17A1qz3K7VxCR0bM0ztT+ocsmvpJGw5pOnSP0thWxV/vnp5waZyW9Z6Ul49n+6P
wzI68iHAHTN+d/P3TpzxOxS/YxRFagdrWNZcrWkCSOCraMf3fCY84A83lNKlRP6g
CAaZ0yjSsn8MZXQPp8AwzMmA4hjOvAq3ZJZcjyGGvT2B2vgdTmEd9ODi1M834wLg
4LDe5vZofnaU80l00eYN/miavShdyDAEdla60jcV+BGcgcNiw8ik+0WISSjHjLA8
mG98psivTMRZe5Y7x6W/
=c7Eq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ