Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Nov 2012 11:14:41 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: coley@...us.mitre.org
CC: oss-security@...ts.openwall.com
Subject: CVE Request: Python keyring

Hello,

Python keyring before 0.10 created keyring files world-readable by default.

Fixed in the following commit:
https://bitbucket.org/kang/python-keyring-lib/changeset/049cd181470f1ee6c540e1d64acf1def7b1de0c1

Bugs:

https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg

Could a CVE please be assigned to this issue?

Thanks,

Marc.


-- 
Marc Deslauriers
Ubuntu Security Engineer     | http://www.ubuntu.com/
Canonical Ltd.               | http://www.canonical.com/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.