Open Source Software security discussions, including joint development and review of security patches ()

Huzaifa Sidhpurwala | 9 Aug 2012 07:10

CVE Request: gnome-keyring: improper caching of gpg password/passphrase

Hi All,

gnome-keyring does not obey the configuration asking it
to stop caching passphrases after a while.

More details and patches available at the following
references:

https://bugzilla.gnome.org/show_bug.cgi?id=681081
https://bugzilla.redhat.com/show_bug.cgi?id=845426

Upstream bug suggests that this is a regression from 3.3.x.
But it seems some older versions may also be affected.

Can a CVE id be please assigned to this issue?

Thanks!

--

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

headers

Kurt Seifried | 9 Aug 2012 07:19

Re: CVE Request: gnome-keyring: improper caching of gpg password/passphrase


On 08/08/2012 11:10 PM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> gnome-keyring does not obey the configuration asking it to stop
> caching passphrases after a while.
> 
> More details and patches available at the following references:
> 
> https://bugzilla.gnome.org/show_bug.cgi?id=681081 
> https://bugzilla.redhat.com/show_bug.cgi?id=845426
> 
> Upstream bug suggests that this is a regression from 3.3.x. But it
> seems some older versions may also be affected.
> 
> Can a CVE id be please assigned to this issue?
> 
> Thanks!

Please use CVE-2012-3466 for this issue.

--

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993