Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 12 Mar 2013 15:48:12 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: almanah does not encrypt its database

Could a CVE be assigned to the following?


It was reported that Almanah does not encrypt its database when it
closes, due to GApplication no longer using the quit_main_loop() event
since GIO 2.32.  This will keep the database unencrypted when it should
be encrypted.  The upstream bug report has a patch attached which
corrects the issue.

References:

https://bugzilla.gnome.org/show_bug.cgi?id=695117
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905
https://bugzilla.redhat.com/show_bug.cgi?id=920848


Thanks!

-- 
Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ