oss-sec mailing list archives

Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 08 Aug 2012 23:19:22 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/08/2012 11:10 PM, Huzaifa Sidhpurwala wrote:

Hi All,

gnome-keyring does not obey the configuration asking it to stop
caching passphrases after a while.

More details and patches available at the following references:

https://bugzilla.gnome.org/show_bug.cgi?id=681081 
https://bugzilla.redhat.com/show_bug.cgi?id=845426

Upstream bug suggests that this is a regression from 3.3.x. But it
seems some older versions may also be affected.

Can a CVE id be please assigned to this issue?

Thanks!


Please use CVE-2012-3466 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQI0haAAoJEBYNRVNeJnmT4SwQALVKkEje7tgKBOTNE8L0IDmW
WN4LR4I25PGpd9qs8IirMtcXDre1daayQkJP1r3modVQ6jLq0UHcc+gV5Pv6/Wkh
N3/DWT7L3gCXHjzkeDQJAsiV2UeJTGRz39wsWRyQGwMdZdNp/50B6FWo6YfP2C8Z
+iWdRkgDvQxlUmSq1NqfQtuWU0X8aZxUZUxzEKfA6N5q7idQPkVocy6FeuxN2MGh
IYJ426Ov7J42hvbBUONphFu4syq1to54uFyeVngcOy0pvKgV6h5BWsOPuXuu4b9T
par36GNavCfCAIVBADSJwTWghHdauPKKnuNQFqwLmWU1cw19QATv1q6+sxLSLWT1
7HT0rL/tUIsKgI70K1VC11yTXvcoKzNTe1lsaMoKw9Dyl/wEO8dKEKflGL+GpqOQ
a17A1qz3K7VxCR0bM0ztT+ocsmvpJGw5pOnSP0thWxV/vnp5waZyW9Z6Ul49n+6P
wzI68iHAHTN+d/P3TpzxOxS/YxRFagdrWNZcrWkCSOCraMf3fCY84A83lNKlRP6g
CAaZ0yjSsn8MZXQPp8AwzMmA4hjOvAq3ZJZcjyGGvT2B2vgdTmEd9ODi1M834wLg
4LDe5vZofnaU80l00eYN/miavShdyDAEdla60jcV+BGcgcNiw8ik+0WISSjHjLA8
mG98psivTMRZe5Y7x6W/
=c7Eq
-----END PGP SIGNATURE-----

Current thread:

CVE Request: gnome-keyring: improper caching of gpg password/passphrase Huzaifa Sidhpurwala (Aug 08)
- Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase Kurt Seifried (Aug 08)