oss-sec mailing list archives
Re: CVE Request: Python keyring
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 27 Nov 2012 00:30:54 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/16/2012 09:14 AM, Marc Deslauriers wrote:
Hello, Python keyring before 0.10 created keyring files world-readable by default. Fixed in the following commit: https://bitbucket.org/kang/python-keyring-lib/changeset/049cd181470f1ee6c540e1d64acf1def7b1de0c1 Bugs: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
Could a CVE please be assigned to this issue? Thanks, Marc.
Please use CVE-2012-5577 for the Python keyring 0.9.2 keyring file permissions, partially fixed in version 0.10 - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQtGwtAAoJEBYNRVNeJnmT5xAQAI/KnhhVrUn4qMjixux9SQmI fvLnOwXmGrsOpW/N+1lgDa/LlPhAjPYhB+lDO2jHgeKCffBkYXFC7IlGOdSVuVSF RAzXB50UqtP7eQcwwhYthtByfABYhXU7UrORsCfqZjSTuZ+gqccp3t3EjWODpJnw MjyuZD3qXlaGfjFaS8DwXdymo8l1fyPxDI03LfmZAiPTmsuyORUJMZ95ycoPnGOp nVM3tcAJEhB+U757U1AdGx0cKZqzgZlC2yVr+I/5ysjGjorTh4iXdjNEnXGTW0qw UmbOpKiAzXBVIqVu4fccWp8va5GbjAcYpQDIOgcctTi4090LVO5LTRAJBJETVMH6 JN9Ntbp2SYoDHMswlzjcc/RMH/2HZfmykUJ9fXA4EqTfe5dfpRX8JJEBAy9sVlan neyagOicg8mZbhhFpEICgAtyo7Nz4GO0ssmEpunpKQg4pQn/TCvS0tnkCZFU65Fe oaNhX3bo7bX+ZNZCcW4Wvu+aT1twmWpU9E6Jm7NuaH5WTpPDVMJ36xsuHo7sr4jr aAwDtYnO13Ia5iHc0gNfKpc9e+0JSd4ZGvIHI9T2UtNrDvOg/Tg/TVwQYjdavCBL bZFEQ2iNbuTlpAUUtVAyWYF5C2yyn1DoGOECizsds/UceszUyg45zJKqyiENn5eg qQKkDZShqtDqeHjAL7Xr =URYX -----END PGP SIGNATURE-----
Current thread:
- CVE Request: Python keyring Marc Deslauriers (Oct 05)
- Re: CVE Request: Python keyring Raphael Geissert (Oct 30)
- Re: CVE Request: Python keyring Kurt Seifried (Oct 31)
- <Possible follow-ups>
- CVE Request: Python keyring Marc Deslauriers (Nov 16)
- Re: CVE Request: Python keyring Marc Deslauriers (Nov 19)
- Re: CVE Request: Python keyring Matthias Weckbecker (Nov 22)
- Re: CVE Request: Python keyring Kurt Seifried (Nov 26)
- Re: CVE Request: Python keyring Marc Deslauriers (Nov 19)
- Re: CVE Request: Python keyring Kurt Seifried (Nov 26)
- Re: CVE Request: Python keyring Raphael Geissert (Oct 30)