CVE-2012-6111 (retired)

Priority
Description
We've received a bug report that gnome-keyring client library does not
instruct the daemon to discard secrets when using the
gnome_keyring_lock_all_sync function
Notes
 mdeslaur> In hardy, gnome_keyring_lock_all_sync() was in the gnome-keyring
 mdeslaur> package, and works as expected.
 mdeslaur> In 2.30+ in Lucid+, gnome_keyring_lock_all_sync() is in
 mdeslaur> libgnome-keyring and sends a LockService DBus call to
 mdeslaur> gnome-keyring. This call isn't implemented in lucid+
 mdeslaur> Nothing in the archive in Oneiric+ actually uses
 mdeslaur> gnome_keyring_lock_all_sync(), so this is low.
 mdeslaur> In Lucid, gnome-power-manager calls this before suspend and
 mdeslaur> hibernation with the intention of locking the keyring.
 mdeslaur> Fixing this in Lucid would result in the user likely having to
 mdeslaur> retype their keyring password when coming out of suspend and
 mdeslaur> hibernation, which is an intrusive change this late in Lucid's
 mdeslaur> lifecycle.
 mdeslaur> Setting this issue as priority low for the reasons above.
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (3.10.1-1ubuntu4.3)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (3.18.3-0ubuntu2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (3.28.0.2-1ubuntu1.18.04.1)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (3.28.2-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):not-affected (3.28.2-3ubuntu1)
More Information

Updated: 2019-03-26 12:05:17 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)