oss-security - ldns-keygen creates private key world readable

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <5365277F.1060706@redhat.com>
Date: Sat, 03 May 2014 11:29:35 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: Open Source Security <oss-security@...ts.openwall.com>
Subject: ldns-keygen creates private key world readable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ldns-keygen creates private key world readable

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758

Same argument as GPG I suppose, so probably deserves a CVE.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTZSd/AAoJEBYNRVNeJnmTmugP/jNYcpGML64bLcSGrD+D4and
KasTcWoYXmM8wLakBsbpQ498p2j2fTzHh3MnI68eESgvSoxUTV31FirBpAejJe85
c6XmIcKb+qZ0MSpfT26nPtW6ypptn2d2kDtu4cgZxjbTgBH1z+KuEwkF+XClB9VO
lbPAitmOM6aCCX0ccnK9UDVYLBDurorK5MNeC5QiCVp3wdrgiEo3pvJAp8bEAMdl
9RQR/EHxXnJqmEQgW1E2A740abpNELU4NSlYM3HQ+3v2hHFErSv2iH5ypuuqaXMc
53NHbBfbQBaEmckapIzQUhJoG1CZFgl1VEiqH4nchvzpkG18pTM8feY9n2CrqTXQ
d3c4kOZv9UPWWipyabqCWrW+qcdqXPYJNi0x1g+a6JjCKkutPrJd14EX5J/Hr9of
bABuyh8cuk8UUIxTL/+jX08zSXyUbB9P3tLF1SOlpnshhuWqk4u58gHuG4q44ceS
BD/G0yZvFQfyApuVzUC7oXuUahGrgSnROljnJgLRo7+VCIXBSgn+i+FtWqjy4oeB
sJme5MfJrwl9lVPutDYivNN5WmDj6plwSeS4xCIQS8K8yXG/dg7UN05B/JGbVbgV
JPSGLbwVLQV7n8Z/J6OMG9iZEO/WDlSTd94DQXA9PaijL5aXdoovjr+8pKpsct9p
LmYIkD0zvbgYOjkJ/U9Z
=knsT
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.