Debian Bug report logs -
#675379
python-keyring: [CVE-2012-4571] CryptedFileKeyring is insecure
Reported by: Sebastian Ramacher <sramacher@debian.org>
Date: Thu, 31 May 2012 18:03:01 UTC
Severity: important
Tags: fixed-upstream, security
Merged with 678682
Found in versions python-keyring/0.7.1-1, python-keyring/0.2-3
Fixed in versions python-keyring/0.9.2-1, python-keyring/0.7.1-1+deb7u1
Done: Sebastian Ramacher <sramacher@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, s.ramacher@gmx.at, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Carl Chenet <chaica@ohmytux.com>
:
Bug#675379
; Package python-keyring
.
(Thu, 31 May 2012 18:03:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastian Ramacher <s.ramacher@gmx.at>
:
New Bug report received and forwarded. Copy sent to s.ramacher@gmx.at, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Carl Chenet <chaica@ohmytux.com>
.
(Thu, 31 May 2012 18:03:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: python-keyring
Version: 0.7.1-1
Severity: important
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Due to recent changes in python-crypto it has been discovered that
python-keyring's CryptedFileKeyring uses AES/CFB in an insecure way. CFB
requires an unpredictable IV, but CryptedFileKeyring doesn't even pass one.
In previous versions of python-crypto it was possible to omit the IV and it
was set to '\0' * 16 in that case. Starting with 2.6 it is mandatory to
specify an IV.
Please see LP: #1004845 [1] for a detailed discussion of the issue.
Kind regards
[1] https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1004845
- -- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (650, 'unstable'), (601, 'testing'), (600, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages python-keyring depends on:
ii python 2.7.2-10
ii python2.6 2.6.7-4
ii python2.7 2.7.3~rc2-2.1
Versions of packages python-keyring recommends:
ii python-crypto 2.6-2
python-keyring suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJPx7HmAAoJEGny/FFupxmTFggQALhVKijeI3ClwADBkkeTtbA5
w08Fgkoqfnr90K7YIHf6UolISDwfUg5P1D1Bq9ablCef/EVe4mCSI/uRHQjL+96K
q9Kmw1SThxlDfozc1n6Jn1TqpEgMwJ4eH4tCAiOQHVEqUmWetMe74hVBj563gfdO
G68OAlrhl0tyl8JVM60Tj4bvcuoFvnUR9nZd+qE/G3lweWD9NL+HDuuocXXLEQNb
piLkLMeEq/PqfG0f1qMWXeDJTzr6Zm05k2xAqHP7ejj62iKeOViV3Abri/Zecy/d
qm2kUZRQkkYJP2ef7W3z9AnQVfu6CX7t2L74JOHEb20BlyQhT8aoGrSGZxKjHjHU
3kTfXGHuV0dbHXkPJ+IoG+qtYSBFVHlSQW/Rg7GOp4PxBVDXLw/zb64jJ9BG3ovq
AvRiDRRQpheY+WODuA/XHgeuaiWXsOfkVtsJowbtLK4L8DefBGI2I3xFbsLMkRGc
woWbyizPjPPpEmKiG9hpN0W0/8fpdhJoVrjw840DahP12SQmrccSGUf0Vq6cp4BW
LsPRfsskHYuO6G3aYwxHpjuX58S53+Viq2QeWos4vqOgRzyuCihQ3Sfki8ubztR1
vTK5F8NdlfsBfXGsrx6c0gx5jwCdg2aBjkqpnFPl9x4ewRxIzApGrsj6FRKwt/KA
xNuOBLsutj3z5FihNfbY
=rFa+
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@ohmytux.com>
:
Bug#675379
; Package python-keyring
.
(Tue, 05 Jun 2012 13:27:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Sebastian Ramacher <s.ramacher@gmx.at>
:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@ohmytux.com>
.
(Tue, 05 Jun 2012 13:27:05 GMT) (full text, mbox, link).
Message #10 received at 675379@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tags 675379 + fixed-upstream
thanks
python-keyring 0.9.2 has been released which contains a fix for this issue.
Kind regards
--
Sebastian Ramacher
[signature.asc (application/pgp-signature, attachment)]
Added tag(s) fixed-upstream.
Request was from Sebastian Ramacher <s.ramacher@gmx.at>
to control@bugs.debian.org
.
(Tue, 05 Jun 2012 13:27:19 GMT) (full text, mbox, link).
Merged 675379 678682
Request was from Stefano Rivera <stefanor@debian.org>
to control@bugs.debian.org
.
(Sat, 23 Jun 2012 18:21:09 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from chaica-guest@users.alioth.debian.org
to control@bugs.debian.org
.
(Mon, 30 Jul 2012 21:15:13 GMT) (full text, mbox, link).
Reply sent
to Carl Chenet <chaica@debian.org>
:
You have taken responsibility.
(Mon, 30 Jul 2012 21:51:04 GMT) (full text, mbox, link).
Notification sent
to Sebastian Ramacher <s.ramacher@gmx.at>
:
Bug acknowledged by developer.
(Mon, 30 Jul 2012 21:51:04 GMT) (full text, mbox, link).
Message #21 received at 675379-close@bugs.debian.org (full text, mbox, reply):
Source: python-keyring
Source-Version: 0.9.2-1
We believe that the bug you reported is fixed in the latest version of
python-keyring, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 675379@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carl Chenet <chaica@debian.org> (supplier of updated python-keyring package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 30 Jul 2012 20:14:42 +0200
Source: python-keyring
Binary: python-keyring python3-keyring
Architecture: source all
Version: 0.9.2-1
Distribution: unstable
Urgency: low
Maintainer: Carl Chenet <chaica@debian.org>
Changed-By: Carl Chenet <chaica@debian.org>
Description:
python-keyring - store and access your passwords safely
python3-keyring - store and access your passwords safely - Python 3 version of the
Closes: 675379 678682
Changes:
python-keyring (0.9.2-1) unstable; urgency=low
.
* New upstream release (Closes: #675379, #678682)
* debian/control
- Bump Standards-Version to 3.9.3
- Switch uploader chaica@ohmytux.com to chaica@debian.org
* debian/rules
- Remove unittests executions
Checksums-Sha1:
ccf931960279aa065d5ef6e12b09dcd9e7f926d2 2144 python-keyring_0.9.2-1.dsc
469d5e1507a9d7d9b6ca508552948e9884ee99eb 31557 python-keyring_0.9.2.orig.tar.gz
1d0f69c95c6343eee0c979b3337e77d578c4c6cd 6604 python-keyring_0.9.2-1.debian.tar.gz
b0d809932cddc8cc3fecc3591c767749e56fb7ed 41972 python-keyring_0.9.2-1_all.deb
b521dcaa50db65e09539acf10505590efbc04ffb 34620 python3-keyring_0.9.2-1_all.deb
Checksums-Sha256:
57310bc31a054c618ab1a99ffedbc79c2f529e5677cb3160ac1b26e384570a2d 2144 python-keyring_0.9.2-1.dsc
58e1cd4f23d8b59c5da8285a89ef9946a5b42cba7b03a117844e5b6be0a538e3 31557 python-keyring_0.9.2.orig.tar.gz
fec6feee2964ebccd59432c4c86fd19e897136a29fad2b2679b7949f36334c5b 6604 python-keyring_0.9.2-1.debian.tar.gz
9ef906343f9be191ef44003dc4eb63915ff8c7b3dfe9f7f3df849a9984440802 41972 python-keyring_0.9.2-1_all.deb
7fb691f93835c0552ce08c7406d3b662f133d96de052133744051c35e17a5e66 34620 python3-keyring_0.9.2-1_all.deb
Files:
4059fbe9153139b0a759181bcf0be490 2144 python optional python-keyring_0.9.2-1.dsc
0980b7544cf92ff39bffbf18519672f9 31557 python optional python-keyring_0.9.2.orig.tar.gz
7cda3b92aed761e1086a3bb2c01fcaf0 6604 python optional python-keyring_0.9.2-1.debian.tar.gz
407ac89a943358799cc5f5fe412e0c73 41972 python optional python-keyring_0.9.2-1_all.deb
bbe4a11b22ba99658b21199da239c596 34620 python optional python3-keyring_0.9.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQFv8ZAAoJEAJwonWM1zbiODEP+gIZiFIWRM7MKAAgNNUCqkFG
gUW1/bdCHMR5HpaPMsaLL5t9oNi42OXH+SRCPcOerDlTFQ4uTk5RRUUwhzw1Siag
eS3Ya8d/Z3ICOjvFSvKbD2qEaNFNMLoiObZ0WCz69Q/hP+FPcO6oDDzcktoJWPlZ
fcYJBt2r+3W2dElN7eBWdLrnT7zgWjhBazKvbCcjCZ9SwgEih7HVNyp9qfizB9G4
kJ1jaMVRl4VFgkR/Gw9E8i9HIVF0mf7kcKxOYspSNCynIm7sJSuA1gBn60hR5Ojt
y3uA5I8BBNAqTdxJ7rJdbUcyURrqAdmCyMeWw5FhqPhazQRvXRmv9DHeeyg8akYq
YYKU7VH24bHel58CLMupaAeigalr296ssovnf9GbwfhBdvibGZHYQG+ZR97/+VJN
b4xg7gq/caPCP7kSPMWvoykdzKEpdPV0cAKaBExNN7qusOcF9S8nK5uKk6QfiaX7
cWLzlR4Szx7FFtW9Yn+NvDI4deAKOSHlbh4qoBu52siyYTp9IvBn+cDnoOrWrJdT
rMYIcmxZG/FyOh4A84YSLEIwk9CKXHRyg1IvMOeuJG+zW5eevblQf3Lfoqg8irOp
jsoBa767Fr1hFRohtTvGO4NrwdUMJbPTViugiBthlhLpjV7lx5vFhO4ffElfaheT
hBkG80Q/KhISDHucxGWj
=KkUf
-----END PGP SIGNATURE-----
Reply sent
to Carl Chenet <chaica@debian.org>
:
You have taken responsibility.
(Mon, 30 Jul 2012 21:51:04 GMT) (full text, mbox, link).
Notification sent
to Stephen Kitt <steve@sk2.org>
:
Bug acknowledged by developer.
(Mon, 30 Jul 2012 21:51:04 GMT) (full text, mbox, link).
Message #26 received at 678682-close@bugs.debian.org (full text, mbox, reply):
Source: python-keyring
Source-Version: 0.9.2-1
We believe that the bug you reported is fixed in the latest version of
python-keyring, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 678682@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Carl Chenet <chaica@debian.org> (supplier of updated python-keyring package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 30 Jul 2012 20:14:42 +0200
Source: python-keyring
Binary: python-keyring python3-keyring
Architecture: source all
Version: 0.9.2-1
Distribution: unstable
Urgency: low
Maintainer: Carl Chenet <chaica@debian.org>
Changed-By: Carl Chenet <chaica@debian.org>
Description:
python-keyring - store and access your passwords safely
python3-keyring - store and access your passwords safely - Python 3 version of the
Closes: 675379 678682
Changes:
python-keyring (0.9.2-1) unstable; urgency=low
.
* New upstream release (Closes: #675379, #678682)
* debian/control
- Bump Standards-Version to 3.9.3
- Switch uploader chaica@ohmytux.com to chaica@debian.org
* debian/rules
- Remove unittests executions
Checksums-Sha1:
ccf931960279aa065d5ef6e12b09dcd9e7f926d2 2144 python-keyring_0.9.2-1.dsc
469d5e1507a9d7d9b6ca508552948e9884ee99eb 31557 python-keyring_0.9.2.orig.tar.gz
1d0f69c95c6343eee0c979b3337e77d578c4c6cd 6604 python-keyring_0.9.2-1.debian.tar.gz
b0d809932cddc8cc3fecc3591c767749e56fb7ed 41972 python-keyring_0.9.2-1_all.deb
b521dcaa50db65e09539acf10505590efbc04ffb 34620 python3-keyring_0.9.2-1_all.deb
Checksums-Sha256:
57310bc31a054c618ab1a99ffedbc79c2f529e5677cb3160ac1b26e384570a2d 2144 python-keyring_0.9.2-1.dsc
58e1cd4f23d8b59c5da8285a89ef9946a5b42cba7b03a117844e5b6be0a538e3 31557 python-keyring_0.9.2.orig.tar.gz
fec6feee2964ebccd59432c4c86fd19e897136a29fad2b2679b7949f36334c5b 6604 python-keyring_0.9.2-1.debian.tar.gz
9ef906343f9be191ef44003dc4eb63915ff8c7b3dfe9f7f3df849a9984440802 41972 python-keyring_0.9.2-1_all.deb
7fb691f93835c0552ce08c7406d3b662f133d96de052133744051c35e17a5e66 34620 python3-keyring_0.9.2-1_all.deb
Files:
4059fbe9153139b0a759181bcf0be490 2144 python optional python-keyring_0.9.2-1.dsc
0980b7544cf92ff39bffbf18519672f9 31557 python optional python-keyring_0.9.2.orig.tar.gz
7cda3b92aed761e1086a3bb2c01fcaf0 6604 python optional python-keyring_0.9.2-1.debian.tar.gz
407ac89a943358799cc5f5fe412e0c73 41972 python optional python-keyring_0.9.2-1_all.deb
bbe4a11b22ba99658b21199da239c596 34620 python optional python3-keyring_0.9.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQFv8ZAAoJEAJwonWM1zbiODEP+gIZiFIWRM7MKAAgNNUCqkFG
gUW1/bdCHMR5HpaPMsaLL5t9oNi42OXH+SRCPcOerDlTFQ4uTk5RRUUwhzw1Siag
eS3Ya8d/Z3ICOjvFSvKbD2qEaNFNMLoiObZ0WCz69Q/hP+FPcO6oDDzcktoJWPlZ
fcYJBt2r+3W2dElN7eBWdLrnT7zgWjhBazKvbCcjCZ9SwgEih7HVNyp9qfizB9G4
kJ1jaMVRl4VFgkR/Gw9E8i9HIVF0mf7kcKxOYspSNCynIm7sJSuA1gBn60hR5Ojt
y3uA5I8BBNAqTdxJ7rJdbUcyURrqAdmCyMeWw5FhqPhazQRvXRmv9DHeeyg8akYq
YYKU7VH24bHel58CLMupaAeigalr296ssovnf9GbwfhBdvibGZHYQG+ZR97/+VJN
b4xg7gq/caPCP7kSPMWvoykdzKEpdPV0cAKaBExNN7qusOcF9S8nK5uKk6QfiaX7
cWLzlR4Szx7FFtW9Yn+NvDI4deAKOSHlbh4qoBu52siyYTp9IvBn+cDnoOrWrJdT
rMYIcmxZG/FyOh4A84YSLEIwk9CKXHRyg1IvMOeuJG+zW5eevblQf3Lfoqg8irOp
jsoBa767Fr1hFRohtTvGO4NrwdUMJbPTViugiBthlhLpjV7lx5vFhO4ffElfaheT
hBkG80Q/KhISDHucxGWj
=KkUf
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>
:
Bug#675379
; Package python-keyring
.
(Sat, 06 Oct 2012 07:00:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>
:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>
.
(Sat, 06 Oct 2012 07:00:03 GMT) (full text, mbox, link).
Message #31 received at 675379@bugs.debian.org (full text, mbox, reply):
CVE-request for this issue in here: http://www.openwall.com/lists/oss-security/2012/10/05/6
- Henri Salo
Changed Bug submitter to 'Sebastian Ramacher <sramacher@debian.org>' from 'Sebastian Ramacher <s.ramacher@gmx.at>'
Request was from Sebastian Ramacher <sramacher@debian.org>
to control@bugs.debian.org
.
(Thu, 15 Nov 2012 21:24:08 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>
:
Bug#675379
; Package python-keyring
.
(Mon, 03 Dec 2012 10:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Neil Muller <drnlmuller+bugs@gmail.com>
:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>
.
(Mon, 03 Dec 2012 10:30:05 GMT) (full text, mbox, link).
Message #38 received at 675379@bugs.debian.org (full text, mbox, reply):
Is there going to be any attempt to get this fix into wheezy?
In addition to the security issue, python-keyring 1.0 [1] has dropped
support for automatically upgrading from several older versions, so
leaving wheezy with 0.7.1 looks likely to cause issues with future
debian upgrades.
[1] Based on http://pypi.python.org/pypi/keyring#id39
Information forwarded
to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>
:
Bug#675379
; Package python-keyring
.
(Tue, 18 Dec 2012 01:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Jason Stephenson <jason@sigio.com>
:
Extra info received and forwarded to list. Copy sent to Carl Chenet <chaica@debian.org>
.
(Tue, 18 Dec 2012 01:15:03 GMT) (full text, mbox, link).
Message #43 received at 675379@bugs.debian.org (full text, mbox, reply):
Consider this another request for having the fix backported to Wheezy.
It's actually causing me issues with using python-aunchpadlib and other
packages in wheezy.
I wonder if this should be considered release-critical, since it leads
to other broken packages?
Changed Bug title to 'python-keyring: [CVE-2012-4571] CryptedFileKeyring is insecure' from 'python-keyring: CryptedFileKeyring is insecure'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Sat, 29 Dec 2012 08:45:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>
:
Bug#675379
; Package python-keyring
.
(Wed, 02 Jan 2013 13:42:03 GMT) (full text, mbox, link).
Message #48 received at 675379@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On 2012-12-17 19:31:46, Jason Stephenson wrote:
> Consider this another request for having the fix backported to Wheezy.
I'll check if the fix is easily backportable.
Regards
--
Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Carl Chenet <chaica@debian.org>
:
Bug#675379
; Package python-keyring
.
(Sun, 06 Jan 2013 20:30:03 GMT) (full text, mbox, link).
Message #51 received at 675379@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: found -1 0.2-3
On 2012-05-31 20:01:10, Sebastian Ramacher wrote:
> Due to recent changes in python-crypto it has been discovered that
> python-keyring's CryptedFileKeyring uses AES/CFB in an insecure way. CFB
> requires an unpredictable IV, but CryptedFileKeyring doesn't even pass one.
> In previous versions of python-crypto it was possible to omit the IV and it
> was set to '\0' * 16 in that case. Starting with 2.6 it is mandatory to
> specify an IV.
stable is also affected.
Kind regards
--
Sebastian Ramacher
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions python-keyring/0.2-3.
Request was from Sebastian Ramacher <sramacher@debian.org>
to 675379-submit@bugs.debian.org
.
(Sun, 06 Jan 2013 20:30:03 GMT) (full text, mbox, link).
Reply sent
to Sebastian Ramacher <sramacher@debian.org>
:
You have taken responsibility.
(Wed, 16 Jan 2013 00:21:07 GMT) (full text, mbox, link).
Notification sent
to Sebastian Ramacher <sramacher@debian.org>
:
Bug acknowledged by developer.
(Wed, 16 Jan 2013 00:21:07 GMT) (full text, mbox, link).
Message #58 received at 675379-close@bugs.debian.org (full text, mbox, reply):
Source: python-keyring
Source-Version: 0.7.1-1+deb7u1
We believe that the bug you reported is fixed in the latest version of
python-keyring, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 675379@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated python-keyring package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 06 Jan 2013 22:22:33 +0100
Source: python-keyring
Binary: python-keyring python3-keyring
Architecture: source all
Version: 0.7.1-1+deb7u1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Carl Chenet <chaica@ohmytux.com>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Description:
python-keyring - store and access your passwords safely
python3-keyring - store and access your passwords safely - Python 3 version of the
Closes: 675379 696736
Changes:
python-keyring (0.7.1-1+deb7u1) testing-proposed-updates; urgency=low
.
* Team upload.
* debian/patches:
- CVE-2012-4571.patch: backport CryptedFileKeyring from 0.9.3 to fix
CVE-2012-4571. (Closes: #675379)
- 696736-Fix-insecure-permissions-on-database-files.patch: backport fix
from 0.9.2-1.1 to fix insecure permissions on database files. Fix
CVE-2012-5578. Thanks Salvatore Bonaccorso. (Closes: #696736)
Checksums-Sha1:
e5fcff94564b8ebce26225c347d59986bbdc1d78 2178 python-keyring_0.7.1-1+deb7u1.dsc
7d3edbe8d31c29ed684e4907f1e7615224486783 12305 python-keyring_0.7.1-1+deb7u1.debian.tar.gz
eec50b472ef8f3581278633b197d80559c78bb01 38496 python-keyring_0.7.1-1+deb7u1_all.deb
41f6ae9cdd1273442f934d5e517d91c857b58617 31576 python3-keyring_0.7.1-1+deb7u1_all.deb
Checksums-Sha256:
b83f1fbe3ee9fc14e1358d10d2f2150e9857b0d644103e123a61460f1eeecc73 2178 python-keyring_0.7.1-1+deb7u1.dsc
ef4a62279ce089e9eb63d30b00f3e15453ef39637f21e744960d0456cf3f2e1f 12305 python-keyring_0.7.1-1+deb7u1.debian.tar.gz
9b179ec6805d4eae0790511b1298d8246cf5489fb81a20cb2893542e750826ac 38496 python-keyring_0.7.1-1+deb7u1_all.deb
90859bc94ef4fae485691ec02f4803e6cc658986bb8220f3d3be41808943738b 31576 python3-keyring_0.7.1-1+deb7u1_all.deb
Files:
c294b880b21aa051feda968d15c53ece 2178 python optional python-keyring_0.7.1-1+deb7u1.dsc
db06d83a0a3ed96ddffb7c225513abf7 12305 python optional python-keyring_0.7.1-1+deb7u1.debian.tar.gz
abad2a4a11bca5957b3dbc367358787d 38496 python optional python-keyring_0.7.1-1+deb7u1_all.deb
ed9743e0fb9e26247a52cedebe7b577d 31576 python optional python3-keyring_0.7.1-1+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQ9fBMAAoJEGny/FFupxmT814QAI/E9IOJz5WmjsJrRcR6BOLU
6aXZfsbSEFlV/bQQ/wTatb8xuISia//JsvZL2uzRM+uBIL5rnlTV6237a8Y3TQqK
RvT3HLLjFCWJIsK83aBoUFVB3ZdyI/40oYemaJjhoihVXF+ojd8/g4w+Yyvxid/v
mcr00I37EdqNbYSVuOsZ8RlUZmAge8SJD0oKGImPYLSgVCARltnEA6HlgqdQQBBP
ox0WaLsUeP4KecTAhqJxSHts5ZjUiyzF3dEu0hir8zo0e0hx+zKzjrBjg46j+etb
1XcsWq6lrpbEY+VfgjsCiCQJJURDt8zPg0vqLazOj/SMGJlBti98ba2MM6qFQFUb
yqdlIrMy2WLHunBTiQocEYlX7oSwZz5TFFHe574u4yU2eyp3YLXEICjVksw7A39S
0flhvVLudGjUAtMfZz1i53XDXqIuiwxRhnH2ZpZDOhX675PcJnKIlCHhyRAfgpNX
epyqntYLpfp7iGe+FlOuq5ZZNPsjaRpH+DeKmmWcN2HxIARmC/9sUYwwzMRbbo2O
RlDrdOjBE5CMi9CUPHo45j4XQKUcXVOkDbxvRtL51AKV7fZFm7TZWcn4k976i0gi
M7VYbt8JMsEyk093PPEnU8E3K4CUDwv65L5/xMA53gnTF7Z7vvlwNPEOCfMZlu/W
v0idxIN4BLEv3H4KzHK4
=2tIQ
-----END PGP SIGNATURE-----
Reply sent
to Sebastian Ramacher <sramacher@debian.org>
:
You have taken responsibility.
(Wed, 16 Jan 2013 00:21:08 GMT) (full text, mbox, link).
Notification sent
to Stephen Kitt <steve@sk2.org>
:
Bug acknowledged by developer.
(Wed, 16 Jan 2013 00:21:08 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Wed, 13 Feb 2013 07:27:32 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:02:41 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.