[Git][security-tracker-team/security-tracker][master] 2 commits: CVE-2018-19358,gnome-keyring: no-dsa for Jessie

Markus Koschany apo at debian.org
Thu Nov 22 20:56:44 GMT 2018 

Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0011af4b by Markus Koschany at 2018-11-22T20:55:39Z
CVE-2018-19358,gnome-keyring: no-dsa for Jessie

- - - - -
54026d69 by Markus Koschany at 2018-11-22T20:56:27Z
Merge branch 'master' of salsa.debian.org:security-tracker-team/security-tracker

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -244,8 +244,13 @@ CVE-2018-19359 [Unauthorized service template creation]
 	NOTE: https://about.gitlab.com/2018/11/19/critical-security-release-gitlab-11-dot-4-dot-6-released/
 CVE-2018-19358 (GNOME Keyring through 3.28.2 allows local users to retrieve login ...)
 	- gnome-keyring <unfixed> (bug #914154)
+	[jessie] - gnome-keyring <no-dsa> (The current design works as expected)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1780365
 	NOTE: https://github.com/sungjungk/keyring_crack
+	NOTE: The default keyring is automatically unlocked upon successful login.
+	NOTE: The current behavior to access passwords via DBus is expected but
+	NOTE: cannot be compromised by another user on the system. Users can choose
+	NOTE: to use a separate keyring if they prefer to be prompted.
 CVE-2018-19357
 	RESERVED
 CVE-2018-19356



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/59eb9031fb92ee7b088e97efd550a75129e2c1cd...54026d69fbaa444d46d461c497fe203741dce118

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/59eb9031fb92ee7b088e97efd550a75129e2c1cd...54026d69fbaa444d46d461c497fe203741dce118
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181122/90ef2a28/attachment.html>

More information about the debian-security-tracker-commits mailing list