UbuntuUpdates.org

Package "python-keyring"

Name: python-keyring

Description:

store and access your passwords safely
Latest version: 0.9.2-0ubuntu0.12.04.2
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://home.python-keyring.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "python-keyring"

All arch deb package
APT INSTALL

Other versions of "python-keyring" in Precise

Repository Area Version
base main 0.7.1-1fakesync1
base universe 0.7.1-1fakesync1
security main 0.9.2-0ubuntu0.12.04.2
security universe 0.9.2-0ubuntu0.12.04.2
updates universe 0.9.2-0ubuntu0.12.04.2

Changelog

Version: 0.9.2-0ubuntu0.12.04.2 2012-11-20 19:07:03 UTC

  python-keyring (0.9.2-0ubuntu0.12.04.2) precise-security; urgency=low

  * SECURITY UPDATE: CryptedFileKeyring format is insecure (LP: #1004845)
    - Rebuild python-keyring 0.9.2 from Ubuntu 12.10 as a security update
      for Ubuntu 12.04.
    - debian/patches/crypto_compat.patch: include PBKDF2() directly to be
      compatible with the older version of python-crypto in Ubuntu 12.04.
    - CVE-2012-4571
  * SECURITY UPDATE: insecure default file permissions (LP: #1031465)
    - debian/patches/file_permissions.patch: set appropriate permissions on
      database directory.
    - CVE number pending
  * debian/patches/fix_migration.patch: fix migration code so old
    databases get upgraded when a key is read. (LP: #1042754)
  * debian/patches/fix_unlock.patch: fix unlocking an existing keyring.
 -- Marc Deslauriers <email address hidden> Mon, 19 Nov 2012 12:50:49 -0500
1004845 python-keyring CryptedFileKeyring is insecure (was: doesn't work with python-crypto 2.6-1 (ValueError: IV must be 16 bytes long))
1031465 ~/crypted_pass.cfg created with insecure permissions
1042754 syncpackage: fails with JSON error in chroot
CVE-2012-4571 python-keyring: CryptedFileKeyring is insecure


About   -   Send Feedback to @ubuntu_updates