oss-sec mailing list archives

Re: CVE request: almanah does not encrypt its database

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 13 Mar 2013 01:45:18 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/12/2013 03:48 PM, Vincent Danen wrote:

Could a CVE be assigned to the following?


It was reported that Almanah does not encrypt its database when it 
closes, due to GApplication no longer using the quit_main_loop()
event since GIO 2.32.  This will keep the database unencrypted when
it should be encrypted.  The upstream bug report has a patch
attached which corrects the issue.

References:

https://bugzilla.gnome.org/show_bug.cgi?id=695117 
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905 
https://bugzilla.redhat.com/show_bug.cgi?id=920848


Thanks!


Please use CVE-2013-1853 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRQC6OAAoJEBYNRVNeJnmT0aYQALRuVmbRm8e2BKk8RTNLQndp
T87ZYXRALdvQ18BJDjFfnf8JVMAszEPQujUTNnoStYNbIhHdPM23JRKMeHnU/0OZ
8d2maOEW68SRRmsIhlvqDv3nLrkJcvuRXkojlF0frv03HHBsqyxqcYQ3WrWPDMLN
OXArymEP52+x6RJGEFAhmktelvGqmWBdczfbtwS9uIgbzUFFVPGFZxxRp3lI1DdK
8OhzXSR0R+idFNMmqhOTGegiHGfTl+xXOhJs28Pm/IYAvBihx0r5V7buu0zBerUv
Rd8ry895OmnSUEhVbEh4dFuwj4jR9HDWUFTQ+L87+iqkox3vrq5Nd6/dVTSEyO0J
CgBG8x1Q9fVUCfqYUYzx7mKRKz5+tQAbuam3mEzManJ1h59xEmYeYoN9cJgz2Ri7
SjFCyMKF9jgbT9pvdvqHeg3L9mg2Ay6B5UwBRmsG0U/bAJSiN6NMLdDUakTtlQMF
681JFkiec2MwXGCd0HyEm7GsoPmH6GMHpSlLAx7y/aj8jc3gCUjRFReMCzbXoZVv
fPNOdf/nc9d6TbpKUfO4PztfQ77Z8r69yfARsVlO0KzX7m21CFpLzZS7lEzP8vAh
6cykJyr1ZJFCbwdbGga5gyyv87et7YFbCPNPPOdwXFmhSG9/iXvKSHuvc3uWwpD4
XXggh+4MYIHwAJj0BNSb
=klwP
-----END PGP SIGNATURE-----

Current thread:

CVE request: almanah does not encrypt its database Vincent Danen (Mar 12)
- Re: CVE request: almanah does not encrypt its database Kurt Seifried (Mar 13)