CVE-2012-6111

Priority
Description
We've received a bug report that gnome-keyring client library does not
instruct the daemon to discard secrets when using the
gnome_keyring_lock_all_sync function
Notes
 mdeslaur> In hardy, gnome_keyring_lock_all_sync() was in the gnome-keyring
 mdeslaur> package, and works as expected.
 mdeslaur> In 2.30+ in Lucid+, gnome_keyring_lock_all_sync() is in
 mdeslaur> libgnome-keyring and sends a LockService DBus call to
 mdeslaur> gnome-keyring. This call isn't implemented in lucid+
 mdeslaur> Nothing in the archive in Oneiric+ actually uses
 mdeslaur> gnome_keyring_lock_all_sync(), so this is low.
 mdeslaur> In Lucid, gnome-power-manager calls this before suspend and
 mdeslaur> hibernation with the intention of locking the keyring.
 mdeslaur> Fixing this in Lucid would result in the user likely having to
 mdeslaur> retype their keyring password when coming out of suspend and
 mdeslaur> hibernation, which is an intrusive change this late in Lucid's
 mdeslaur> lifecycle.
 mdeslaur> Setting this issue as priority low for the reasons above.
Package
Upstream:needed
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
More Information

Updated: 2019-01-14 21:14:44 UTC (commit 51f9b73af244ba86b9321e46e526586c25a8e060)