This bug was fixed in the package python-keyring -
0.9.2-0ubuntu0.12.04.2
---------------
python-keyring (0.9.2-0ubuntu0.12.04.2) precise-security; urgency=low
* SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
- Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
for Ubuntu 12.04.
- debian/patches/crypto_compat.patch: include PBKDF2() directly to be
compatible with the older version of python-crypto in Ubuntu 12.04.
- CVE-2012-4571
* SECURITY UPDATE: insecure default file permissions (LP: #1031465)
- debian/patches/file_permissions.patch: set appropriate permissions on
database directory.
- CVE number pending
* debian/patches/fix_migration.patch: fix migration code so old
databases get upgraded when a key is read. (LP: #1042754)
* debian/patches/fix_unlock.patch: fix unlocking an existing keyring.
-- Marc Deslauriers <[email protected]> Mon, 19 Nov 2012 12:50:49
-0500
** Changed in: python-keyring (Ubuntu Precise)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-4571
** Changed in: python-keyring (Ubuntu Quantal)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1031465
Title:
~/crypted_pass.cfg created with insecure permissions
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
