Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5023485A.2090800@redhat.com>
Date: Wed, 08 Aug 2012 23:19:22 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Huzaifa Sidhpurwala <huzaifas@...hat.com>
Subject: Re: CVE Request: gnome-keyring: improper caching of
 gpg password/passphrase

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/08/2012 11:10 PM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> gnome-keyring does not obey the configuration asking it to stop
> caching passphrases after a while.
> 
> More details and patches available at the following references:
> 
> https://bugzilla.gnome.org/show_bug.cgi?id=681081 
> https://bugzilla.redhat.com/show_bug.cgi?id=845426
> 
> Upstream bug suggests that this is a regression from 3.3.x. But it
> seems some older versions may also be affected.
> 
> Can a CVE id be please assigned to this issue?
> 
> Thanks!

Please use CVE-2012-3466 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQI0haAAoJEBYNRVNeJnmT4SwQALVKkEje7tgKBOTNE8L0IDmW
WN4LR4I25PGpd9qs8IirMtcXDre1daayQkJP1r3modVQ6jLq0UHcc+gV5Pv6/Wkh
N3/DWT7L3gCXHjzkeDQJAsiV2UeJTGRz39wsWRyQGwMdZdNp/50B6FWo6YfP2C8Z
+iWdRkgDvQxlUmSq1NqfQtuWU0X8aZxUZUxzEKfA6N5q7idQPkVocy6FeuxN2MGh
IYJ426Ov7J42hvbBUONphFu4syq1to54uFyeVngcOy0pvKgV6h5BWsOPuXuu4b9T
par36GNavCfCAIVBADSJwTWghHdauPKKnuNQFqwLmWU1cw19QATv1q6+sxLSLWT1
7HT0rL/tUIsKgI70K1VC11yTXvcoKzNTe1lsaMoKw9Dyl/wEO8dKEKflGL+GpqOQ
a17A1qz3K7VxCR0bM0ztT+ocsmvpJGw5pOnSP0thWxV/vnp5waZyW9Z6Ul49n+6P
wzI68iHAHTN+d/P3TpzxOxS/YxRFagdrWNZcrWkCSOCraMf3fCY84A83lNKlRP6g
CAaZ0yjSsn8MZXQPp8AwzMmA4hjOvAq3ZJZcjyGGvT2B2vgdTmEd9ODi1M834wLg
4LDe5vZofnaU80l00eYN/miavShdyDAEdla60jcV+BGcgcNiw8ik+0WISSjHjLA8
mG98psivTMRZe5Y7x6W/
=c7Eq
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.