oss-sec mailing list archives

Re: CVE Request: Python keyring


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 27 Nov 2012 00:30:54 -0700

On 11/16/2012 09:14 AM, Marc Deslauriers wrote:
> Hello,
>
> Python keyring before 0.10 created keyring files world-readable by
> default.
>
> Fixed in the following commit:
> https://bitbucket.org/kang/python-keyring-lib/changeset/049cd181470f1ee6c540e1d64acf1def7b1de0c1
>
> Bugs:
>
> https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
> https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
>
> Could a CVE please be assigned to this issue?
>
> Thanks,
>
> Marc.

Please use CVE-2012-5577 for the Python keyring 0.9.2 keyring file
permissions, partially fixed in version 0.10


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


