Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <50B46C2E.4050204@redhat.com>
Date: Tue, 27 Nov 2012 00:30:54 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Marc Deslauriers <marc.deslauriers@...onical.com>, coley@...re.org
Subject: Re: CVE Request: Python keyring

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/16/2012 09:14 AM, Marc Deslauriers wrote:
> Hello,
> 
> Python keyring before 0.10 created keyring files world-readable by
> default.
> 
> Fixed in the following commit: 
> https://bitbucket.org/kang/python-keyring-lib/changeset/049cd181470f1ee6c540e1d64acf1def7b1de0c1
>
>  Bugs:
> 
> https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
>
> 
https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
> 
> Could a CVE please be assigned to this issue?
> 
> Thanks,
> 
> Marc.

Please use CVE-2012-5577 for the Python keyring 0.9.2 keyring file
permissions, partially fixed in version 0.10


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQtGwtAAoJEBYNRVNeJnmT5xAQAI/KnhhVrUn4qMjixux9SQmI
fvLnOwXmGrsOpW/N+1lgDa/LlPhAjPYhB+lDO2jHgeKCffBkYXFC7IlGOdSVuVSF
RAzXB50UqtP7eQcwwhYthtByfABYhXU7UrORsCfqZjSTuZ+gqccp3t3EjWODpJnw
MjyuZD3qXlaGfjFaS8DwXdymo8l1fyPxDI03LfmZAiPTmsuyORUJMZ95ycoPnGOp
nVM3tcAJEhB+U757U1AdGx0cKZqzgZlC2yVr+I/5ysjGjorTh4iXdjNEnXGTW0qw
UmbOpKiAzXBVIqVu4fccWp8va5GbjAcYpQDIOgcctTi4090LVO5LTRAJBJETVMH6
JN9Ntbp2SYoDHMswlzjcc/RMH/2HZfmykUJ9fXA4EqTfe5dfpRX8JJEBAy9sVlan
neyagOicg8mZbhhFpEICgAtyo7Nz4GO0ssmEpunpKQg4pQn/TCvS0tnkCZFU65Fe
oaNhX3bo7bX+ZNZCcW4Wvu+aT1twmWpU9E6Jm7NuaH5WTpPDVMJ36xsuHo7sr4jr
aAwDtYnO13Ia5iHc0gNfKpc9e+0JSd4ZGvIHI9T2UtNrDvOg/Tg/TVwQYjdavCBL
bZFEQ2iNbuTlpAUUtVAyWYF5C2yyn1DoGOECizsds/UceszUyg45zJKqyiENn5eg
qQKkDZShqtDqeHjAL7Xr
=URYX
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.