1
Candidate: CVE-2012-3466
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3466
6
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to
7
"idle" or "timeout," does not properly limit the amount of time a
8
passphrase is cached, which allows attackers to have an unspecified impact
9
via unknown attack vectors.
12
jdstrand> per upstream, "This is a regression from 3.3.x"
14
https://bugzilla.gnome.org/show_bug.cgi?id=681081
15
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
17
Discovered-by: Julien Cristau
20
Patches_gnome-keyring:
21
upstream: http://git.gnome.org/browse/gnome-keyring/commit/?id=111a1327bd55b8f81a44ac37b3af399eb0121126
22
upstream: http://git.gnome.org/browse/gnome-keyring/commit/?id=979bf3c2a3a264630eace3ba2da0db14c59a67de
23
upstream_gnome-keyring: released (3.5.90)
24
hardy_gnome-keyring: ignored (reached end-of-life)
25
lucid_gnome-keyring: not-affected
26
natty_gnome-keyring: not-affected
27
oneiric_gnome-keyring: not-affected
28
precise_gnome-keyring: not-affected (3.2.2-2ubuntu4)
29
devel_gnome-keyring: not-affected (3.5.91-0ubuntu1)