oss-sec mailing list archives
CVE request: almanah does not encrypt its database
From: Vincent Danen <vdanen () redhat com>
Date: Tue, 12 Mar 2013 15:48:12 -0600
Could a CVE be assigned to the following? It was reported that Almanah does not encrypt its database when it closes, due to GApplication no longer using the quit_main_loop() event since GIO 2.32. This will keep the database unencrypted when it should be encrypted. The upstream bug report has a patch attached which corrects the issue. References: https://bugzilla.gnome.org/show_bug.cgi?id=695117 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702905 https://bugzilla.redhat.com/show_bug.cgi?id=920848 Thanks! --Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: almanah does not encrypt its database Vincent Danen (Mar 12)
- Re: CVE request: almanah does not encrypt its database Kurt Seifried (Mar 13)