Candidate: CVE-2012-3466
PublicDate: 2012-10-22 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3466
Description:
 GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to
 "idle" or "timeout," does not properly limit the amount of time a
 passphrase is cached, which allows attackers to have an unspecified impact
 via unknown attack vectors.
Ubuntu-Description:
Notes:
 jdstrand> per upstream, "This is a regression from 3.3.x"
Bugs:
 https://bugzilla.gnome.org/show_bug.cgi?id=681081
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683655
Priority: medium
Discovered-by: Julien Cristau
Assigned-to:
CVSS: 

Patches_gnome-keyring:
 upstream: http://git.gnome.org/browse/gnome-keyring/commit/?id=111a1327bd55b8f81a44ac37b3af399eb0121126
 upstream: http://git.gnome.org/browse/gnome-keyring/commit/?id=979bf3c2a3a264630eace3ba2da0db14c59a67de
upstream_gnome-keyring: released (3.5.90)
hardy_gnome-keyring: ignored (reached end-of-life)
lucid_gnome-keyring: not-affected
natty_gnome-keyring: not-affected
oneiric_gnome-keyring: not-affected
precise_gnome-keyring: not-affected (3.2.2-2ubuntu4)
devel_gnome-keyring: not-affected (3.5.91-0ubuntu1)