Ubuntu

“python-keyring” 0.9.2-0ubuntu0.12.04.2 source package in The Precise Pangolin

Publishing history

0.9.2-0ubuntu0.12.04.2
PUBLISHED: Precise pocket Updates in component main and section python
  • Published on 2012-11-20
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
0.9.2-0ubuntu0.12.04.2
PUBLISHED: Precise pocket Security in component main and section python
  • Published on 2012-11-20
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

python-keyring (0.9.2-0ubuntu0.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
    - Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
      for Ubuntu 12.04.
    - debian/patches/crypto_compat.patch: include PBKDF2() directly to be
      compatible with the older version of python-crypto in Ubuntu 12.04.
    - CVE-2012-4571
  * SECURITY UPDATE: insecure default file permissions (LP: #1031465)
    - debian/patches/file_permissions.patch: set appropriate permissions on
      database directory.
    - CVE number pending
  * debian/patches/fix_migration.patch: fix migration code so old
    databases get upgraded when a key is read. (LP: #1042754)
  * debian/patches/fix_unlock.patch: fix unlocking an existing keyring.
 -- Marc Deslauriers <email address hidden>   Mon, 19 Nov 2012 12:50:49 -0500