|
oss-sec
mailing list archives
Re: CVE Request: Python keyring
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 27 Nov 2012 00:30:54 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 11/16/2012 09:14 AM, Marc Deslauriers wrote:
Hello,
Python keyring before 0.10 created keyring files world-readable by
default.
Fixed in the following commit:
https://bitbucket.org/kang/python-keyring-lib/changeset/049cd181470f1ee6c540e1d64acf1def7b1de0c1
Bugs:
https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465
https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
Could a CVE please be assigned to this issue?
Thanks,
Marc.
Please use CVE-2012-5577 for the Python keyring 0.9.2 keyring file
permissions, partially fixed in version 0.10
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQtGwtAAoJEBYNRVNeJnmT5xAQAI/KnhhVrUn4qMjixux9SQmI
fvLnOwXmGrsOpW/N+1lgDa/LlPhAjPYhB+lDO2jHgeKCffBkYXFC7IlGOdSVuVSF
RAzXB50UqtP7eQcwwhYthtByfABYhXU7UrORsCfqZjSTuZ+gqccp3t3EjWODpJnw
MjyuZD3qXlaGfjFaS8DwXdymo8l1fyPxDI03LfmZAiPTmsuyORUJMZ95ycoPnGOp
nVM3tcAJEhB+U757U1AdGx0cKZqzgZlC2yVr+I/5ysjGjorTh4iXdjNEnXGTW0qw
UmbOpKiAzXBVIqVu4fccWp8va5GbjAcYpQDIOgcctTi4090LVO5LTRAJBJETVMH6
JN9Ntbp2SYoDHMswlzjcc/RMH/2HZfmykUJ9fXA4EqTfe5dfpRX8JJEBAy9sVlan
neyagOicg8mZbhhFpEICgAtyo7Nz4GO0ssmEpunpKQg4pQn/TCvS0tnkCZFU65Fe
oaNhX3bo7bX+ZNZCcW4Wvu+aT1twmWpU9E6Jm7NuaH5WTpPDVMJ36xsuHo7sr4jr
aAwDtYnO13Ia5iHc0gNfKpc9e+0JSd4ZGvIHI9T2UtNrDvOg/Tg/TVwQYjdavCBL
bZFEQ2iNbuTlpAUUtVAyWYF5C2yyn1DoGOECizsds/UceszUyg45zJKqyiENn5eg
qQKkDZShqtDqeHjAL7Xr
=URYX
-----END PGP SIGNATURE-----
 By Date 
By Thread
Current thread:
| 
