Package: python-keyring / 0.7.1-1+deb7u1

Metadata

Package Version Patches format
python-keyring 0.7.1-1+deb7u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2012 4571.patch | (download)

keyring/backend.py | 251 169 + 82 - 0 !
keyring/core.py | 16 12 + 4 - 0 !
keyring/tests/test_core.py | 41 41 + 0 - 0 !
keyring/util/loc_compat.py | 27 27 + 0 - 0 !
keyring/util/platform.py | 10 10 + 0 - 0 !
5 files changed, 259 insertions(+), 86 deletions(-)

 
 backport cryptedfilekeyring from 0.9.3
 Use a random IV to initialize AES cipher. Also use PBKDF2 to derive the AES key
 from the user provided password.
696736 Fix insecure permissions on database files.patch | (download)

keyring/backend.py | 2 2 + 0 - 0 !
keyring/tests/test_backend.py | 3 2 + 1 - 0 !
keyring/util/loc_compat.py | 3 3 + 0 - 0 !
3 files changed, 7 insertions(+), 1 deletion(-)

 
 set appropriate file permissions on database file.
Bug: https://bitbucket.org/kang/python-keyring-lib/issue/67/set-go-rwx-on-keyring_passcfg
Bug: https://bitbucket.org/kang/python-keyring-lib/issue/76/insecure-database-file-permissions
Bug-Debian: http://bugs.debian.org/696736
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1031465