Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Python keyring
From: Matthias Weckbecker <mweckbecker () suse de>
Date: Thu, 22 Nov 2012 14:38:57 +0100

Hi Marc,

On Monday 19 November 2012 17:09:07 Marc Deslauriers wrote:
On 12-11-16 11:14 AM, Marc Deslauriers wrote:
Hello,

Python keyring before 0.10 created keyring files world-readable by
default.

[...]

Could a CVE please be assigned to this issue?

Actually, that fix only changes the permissions on database files that
were migrated from previous versions, it doesn't fix permissions on
newly created database files.

It would appear python-keyring still creates new database files with
inappropriate permissions.


New bug report seems to be at [1], I assume. Has there already been a CVE
assigned actually?

[1] http://bitbucket.org/kang/python-keyring-lib/issue/76/insecure-database-file-permissions
(with patches attached too)

Marc.

Thanks, Matthias

-- 
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0;  http://suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg) 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]