oss-sec mailing list archives
Re: CVE Request: Python keyring
From: Matthias Weckbecker <mweckbecker () suse de>
Date: Thu, 22 Nov 2012 14:38:57 +0100
Hi Marc,

On Monday 19 November 2012 17:09:07 Marc Deslauriers wrote:
> On 12-11-16 11:14 AM, Marc Deslauriers wrote:
> > Hello,
> >
> > Python keyring before 0.10 created keyring files world-readable by default.
> [...]
> > Could a CVE please be assigned to this issue?
>
> Actually, that fix only changes the permissions on database files that were migrated from previous versions, it doesn't fix permissions on newly created database files.
>
> It would appear python-keyring still creates new database files with inappropriate permissions.

New bug report seems to be at [1], I assume. Has there already been a CVE assigned actually?

[1] http://bitbucket.org/kang/python-keyring-lib/issue/76/insecure-database-file-permissions (with patches attached too)

> Marc.

Thanks,
Matthias

--
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0; http://suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg)
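
The distinction raised in the message above (tightening permissions on migrated files versus creating new files with restrictive permissions), as an added example that is not part of the original post and is not python-keyring's code. The helper names, the file names and the 0600 target mode are assumptions; the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile

GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # every group/other permission bit


def create_private_file(path, data=b""):
    """Create a new file that group/other can never read, whatever the umask."""
    # The mode is applied at creation time, so there is no window in which the
    # file is world-readable; O_EXCL refuses to reuse a pre-existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        os.fchmod(f.fileno(), 0o600)  # pin the exact mode (assumed target: 0600)
        f.write(data)


def tighten_existing_file(path):
    """Migration path: strip group/other bits from a file an older version created."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~GROUP_OTHER)


def exposed_bits(path):
    """Return the group/other bits still set on path (0 means private)."""
    return stat.S_IMODE(os.stat(path).st_mode) & GROUP_OTHER


def demo():
    """Constructed scenario under umask 022: legacy, naively created and private files."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            legacy, naive, fresh = (os.path.join(d, n) for n in ("legacy.db", "naive.db", "fresh.db"))
            for p in (legacy, naive):  # plain open(): mode 0666 & ~umask = 0644
                with open(p, "wb") as f:
                    f.write(b"secret")
            before = exposed_bits(legacy)
            tighten_existing_file(legacy)  # all that a migration-only fix covers
            create_private_file(fresh, b"secret")
            return before, exposed_bits(legacy), exposed_bits(naive), exposed_bits(fresh)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(b) for b in demo()])
```

The third value stays non-zero: a file created with a plain `open()` after the migration step is still group- and world-readable, which is the gap the quoted follow-up describes.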