Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 13 Mar 2013 01:45:18 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: almanah does not encrypt its database

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/12/2013 03:48 PM, Vincent Danen wrote:
> Could a CVE be assigned to the following?
> 
> 
> It was reported that Almanah does not encrypt its database when it 
> closes, due to GApplication no longer using the quit_main_loop()
> event since GIO 2.32.  This will keep the database unencrypted when
> it should be encrypted.  The upstream bug report has a patch
> attached which corrects the issue.
> 
> References:
> 
> https://bugzilla.gnome.org/show_bug.cgi?id=695117 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905 
> https://bugzilla.redhat.com/show_bug.cgi?id=920848
> 
> 
> Thanks!

Please use CVE-2013-1853 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRQC6OAAoJEBYNRVNeJnmT0aYQALRuVmbRm8e2BKk8RTNLQndp
T87ZYXRALdvQ18BJDjFfnf8JVMAszEPQujUTNnoStYNbIhHdPM23JRKMeHnU/0OZ
8d2maOEW68SRRmsIhlvqDv3nLrkJcvuRXkojlF0frv03HHBsqyxqcYQ3WrWPDMLN
OXArymEP52+x6RJGEFAhmktelvGqmWBdczfbtwS9uIgbzUFFVPGFZxxRp3lI1DdK
8OhzXSR0R+idFNMmqhOTGegiHGfTl+xXOhJs28Pm/IYAvBihx0r5V7buu0zBerUv
Rd8ry895OmnSUEhVbEh4dFuwj4jR9HDWUFTQ+L87+iqkox3vrq5Nd6/dVTSEyO0J
CgBG8x1Q9fVUCfqYUYzx7mKRKz5+tQAbuam3mEzManJ1h59xEmYeYoN9cJgz2Ri7
SjFCyMKF9jgbT9pvdvqHeg3L9mg2Ay6B5UwBRmsG0U/bAJSiN6NMLdDUakTtlQMF
681JFkiec2MwXGCd0HyEm7GsoPmH6GMHpSlLAx7y/aj8jc3gCUjRFReMCzbXoZVv
fPNOdf/nc9d6TbpKUfO4PztfQ77Z8r69yfARsVlO0KzX7m21CFpLzZS7lEzP8vAh
6cykJyr1ZJFCbwdbGga5gyyv87et7YFbCPNPPOdwXFmhSG9/iXvKSHuvc3uWwpD4
XXggh+4MYIHwAJj0BNSb
=klwP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ