Your message dated Sun, 19 Aug 2012 21:03:02 +0000 with message-id <e1t3cee-0002bp...@franck.debian.org> and subject line Bug#683655: fixed in gnome-keyring 3.4.1-5 has caused the Debian Bug report #683655, regarding gnome-keyring: gpg passphrase cached forever to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: gnome-keyring Version: 3.4.1-4 Severity: grave Tags: security Justification: user security hole At some point gnome-keyring seemed to obey the configuration asking it to stop caching passphrases after a while. It no longer does. $ gsettings list-recursively org.gnome.crypto.cache org.gnome.crypto.cache gpg-cache-authorize false org.gnome.crypto.cache gpg-cache-method 'idle' org.gnome.crypto.cache gpg-cache-ttl 600 Yet I'm never asked for the passphrase again. Cheers, Julien -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'stable'), (101, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages gnome-keyring depends on: ii dbus-x11 1.6.2-2 ii dconf-gsettings-backend [gsettings-backend] 0.12.1-2 ii gcr 3.4.1-3 ii libc6 2.13-35 ii libcap-ng0 0.6.6-2 ii libcap2-bin 1:2.22-1.1 ii libdbus-1-3 1.6.2-2 ii libgck-1-0 3.4.1-3 ii libgcr-3-1 3.4.1-3 ii libgcrypt11 1.5.0-3 ii libglib2.0-0 2.32.3-1 ii libgtk-3-0 3.4.2-2 Versions of packages gnome-keyring recommends: ii libpam-gnome-keyring 3.4.1-4 gnome-keyring suggests no packages. -- no debconf information
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---Source: gnome-keyring Source-Version: 3.4.1-5 We believe that the bug you reported is fixed in the latest version of gnome-keyring, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville <bi...@debian.org> (supplier of updated gnome-keyring package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 19 Aug 2012 22:01:53 +0200 Source: gnome-keyring Binary: gnome-keyring libpam-gnome-keyring Architecture: source amd64 Version: 3.4.1-5 Distribution: unstable Urgency: low Maintainer: Josselin Mouette <j...@debian.org> Changed-By: Laurent Bigonville <bi...@debian.org> Description: gnome-keyring - GNOME keyring services (daemon and tools) libpam-gnome-keyring - PAM module to unlock the GNOME keyring upon login Closes: 683655 Changes: gnome-keyring (3.4.1-5) unstable; urgency=low . * d/p/0001-schema-Update-description-for-gpg-cache-method.patch, d/p/0002-gpg-agent-Hook-up-the-TTL-cache-option.patch, d/p/0003-secret-store-Mark-a-secret-item-as-used-when-accesse.patch: Properly expire caching of the GPG passphrases (Taken from upstream) (Closes: #683655, CVE-2012-3466) Checksums-Sha1: e1764fb4c9685d5f5591e014ef8c65e33c29d706 2316 gnome-keyring_3.4.1-5.dsc 0b7a75cc0949fe5968fb3f10d9e5e6fc5c73dcd0 18183 gnome-keyring_3.4.1-5.debian.tar.gz 79b6e0ca8456f28f049e7a46a3ee2a384966fe97 935506 gnome-keyring_3.4.1-5_amd64.deb 919660dd51bc36f6d85878ea57131f8ded50c8f6 251224 libpam-gnome-keyring_3.4.1-5_amd64.deb Checksums-Sha256: aee4370f0e26074ba9f79fd7d01f845409fc4b60ec8f7822b9b658bb3b388c3c 2316 gnome-keyring_3.4.1-5.dsc ee2986fc14f5e379818ade0843b5c005844fcb9dcf216db88070258bd0dd7f5a 18183 gnome-keyring_3.4.1-5.debian.tar.gz 2571b729382b478ea6022fe9a45d128f61cf63fd35b39a5e2ad00ea15a96381b 935506 gnome-keyring_3.4.1-5_amd64.deb ec2b7228d28bd531271dcb538a2ed600e37d32fa0311c516a1da66d3a5d03396 251224 libpam-gnome-keyring_3.4.1-5_amd64.deb Files: 6a0911d091f0c72c9aa497d587df87c5 2316 gnome optional gnome-keyring_3.4.1-5.dsc a6c4893d4ab660046a125ba9209d9687 18183 gnome optional gnome-keyring_3.4.1-5.debian.tar.gz 54139ff2ddd75d3f508c957d496ca3e3 935506 gnome optional gnome-keyring_3.4.1-5_amd64.deb e23cc168be94e77aa025e6f759dc2727 251224 admin optional libpam-gnome-keyring_3.4.1-5_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJQMUhTAAoJEB/FiR66sEPVqdwH/399gEBQJMRBQtrzdA/veQyD nF/WhCBIySC2wytfpvSqtNLXaMW99MWYnJee+0DwFEA4LEOjdHLJ5cxBXIcK7wN2 7pjtWa/l+Vus+0iVvKUPeFNVBioGKcY6dzETMshW9mEMHs1FbPYGbzPuyWZjBPTO BSq/bOLkCRbl5BrHU+KVgu0IjoegoRwpAMaQ3RnHTGRXpG/zck6fKIH+4lZijDme a4Wy+FMx0pBsCYMAx/vLRlS2OwNtMlpBK1Wzvj7T1udJo+cywlEU6eC0hC22MChy JuXetF71ah05M8eeJ2TP027F2zbFfTzzv65S/76uUAbh0FTYtja7cjyKxizH9P4= =XI09 -----END PGP SIGNATURE-----
--- End Message ---