Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Jan 2013 07:45:22 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: gnome-keyring does not discard stored secrets in some cases

We've received a bug report that gnome-keyring client library does not
instruct the daemon to discard secrets when using the
gnome_keyring_lock_all_sync function:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697896>
<https://bugzilla.gnome.org/show_bug.cgi?id=690466>

The function is simply not implemented.

I had trouble finding a caller of this function, but the submitter
indicated that gnome-power-manager uses it in older versions:

<http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c?h=gnome-2-32#n162>

I'm not sure if this needs a CVE, but it's probably worth fixing
anyway.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.