Re: gnome-keyring does not discard stored secrets in some cases

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2013 11:45 PM, Florian Weimer wrote:
> We've received a bug report that gnome-keyring client library does
> not instruct the daemon to discard secrets when using the 
> gnome_keyring_lock_all_sync function:
>
> <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697896> 
> <https://bugzilla.gnome.org/show_bug.cgi?id=690466>
>
> The function is simply not implemented.
>
> I had trouble finding a caller of this function, but the submitter 
> indicated that gnome-power-manager uses it in older versions:
>
> <http://git.gnome.org/browse/gnome-power-manager/tree/src/gpm-control.c?h=gnome-2-32#n162>
>
>  I'm not sure if this needs a CVE, but it's probably worth fixing 
> anyway.

What security violationoccurs/what trust boundary is crossed?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQ78FxAAoJEBYNRVNeJnmTJYYQAJ0/+QATzrHed6H3Mu58jqDD
oP6414l5SHw8i43y7IbDNXO8vK5MBLHODbKrQRG3o3VZWwSxN5olZhKd0xXaweJu
Xw0s7EJVsvqZx10V271ZmJejpkVXXPBvxjKbHEwHAMz7JFck4vpCY//Scd1bXC5b
tQFvZ7RakkYvc3yNp/BwHUQOYhhMifdS14pPXiVdJlolbtOlp2FwMubYRehuWrhL
kMC65K0X52dX053mGNVpeT/WQPZoS2HggzADK7RPw5tnq70tVAcglklqfu+9O0wn
vfFLgA+tUJpV0Nj2B678ABjmnJZ9OLNPu6aKR2l4FvosuAstqY5bNqxOVKMloQIT
C1GMRYyC5olmhco0DzGw/ECXbcVwjxAjTkYZa0PN04VmMqph/YdqjMygbTgJMuUb
OXTWzLo0XG68veNsq6brB/Wr3Dgm1S2QBPl2s3EcIvKU3OQuiSxb1mQOwo+iMSvM
bYchq6Fl/USezF70JMC+/O5lV1KmGl2SqFjKZdXRPeNUqyQ8cG9yxpWSPSHK1HS3
gYZtCHnBLT8/Etl8pDhFfunMArmvS6mTUuQ2iE9nwuuSu6nPWNvWVGMcjnB/p0vG
09KFnNZplSLPncTro6LKqoO92UsiMmAUaYc+OkhbKuUyqws6loL2n46Czk9rv8g0
OQwQ/zjHD2MgopKbwRXF
=+WA1
-----END PGP SIGNATURE-----