oss-sec mailing list archives
Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 08 Aug 2012 23:19:22 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/08/2012 11:10 PM, Huzaifa Sidhpurwala wrote:
Hi All, gnome-keyring does not obey the configuration asking it to stop caching passphrases after a while. More details and patches available at the following references: https://bugzilla.gnome.org/show_bug.cgi?id=681081 https://bugzilla.redhat.com/show_bug.cgi?id=845426 Upstream bug suggests that this is a regression from 3.3.x. But it seems some older versions may also be affected. Can a CVE id be please assigned to this issue? Thanks!
Please use CVE-2012-3466 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQI0haAAoJEBYNRVNeJnmT4SwQALVKkEje7tgKBOTNE8L0IDmW WN4LR4I25PGpd9qs8IirMtcXDre1daayQkJP1r3modVQ6jLq0UHcc+gV5Pv6/Wkh N3/DWT7L3gCXHjzkeDQJAsiV2UeJTGRz39wsWRyQGwMdZdNp/50B6FWo6YfP2C8Z +iWdRkgDvQxlUmSq1NqfQtuWU0X8aZxUZUxzEKfA6N5q7idQPkVocy6FeuxN2MGh IYJ426Ov7J42hvbBUONphFu4syq1to54uFyeVngcOy0pvKgV6h5BWsOPuXuu4b9T par36GNavCfCAIVBADSJwTWghHdauPKKnuNQFqwLmWU1cw19QATv1q6+sxLSLWT1 7HT0rL/tUIsKgI70K1VC11yTXvcoKzNTe1lsaMoKw9Dyl/wEO8dKEKflGL+GpqOQ a17A1qz3K7VxCR0bM0ztT+ocsmvpJGw5pOnSP0thWxV/vnp5waZyW9Z6Ul49n+6P wzI68iHAHTN+d/P3TpzxOxS/YxRFagdrWNZcrWkCSOCraMf3fCY84A83lNKlRP6g CAaZ0yjSsn8MZXQPp8AwzMmA4hjOvAq3ZJZcjyGGvT2B2vgdTmEd9ODi1M834wLg 4LDe5vZofnaU80l00eYN/miavShdyDAEdla60jcV+BGcgcNiw8ik+0WISSjHjLA8 mG98psivTMRZe5Y7x6W/ =c7Eq -----END PGP SIGNATURE-----
Current thread:
- CVE Request: gnome-keyring: improper caching of gpg password/passphrase Huzaifa Sidhpurwala (Aug 08)
- Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase Kurt Seifried (Aug 08)