Date: Fri, 11 Jan 2013 07:45:22 +0100 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: gnome-keyring does not discard stored secrets in some cases We've received a bug report that gnome-keyring client library does not instruct the daemon to discard secrets when using the gnome_keyring_lock_all_sync function: <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697896> <https://bugzilla.gnome.org/show_bug.cgi?id=690466> The function is simply not implemented. I had trouble finding a caller of this function, but the submitter indicated that gnome-power-manager uses it in older versions: <http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c?h=gnome-2-32#n162> I'm not sure if this needs a CVE, but it's probably worth fixing anyway.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.