Version 3.4.1, which we have in Mageia 2, is affected. I don't know if Mageia 1 or Cauldron are affected. More info here: http://bugs.debian.org/683655
CC: (none) => olavAssignee: bugsquad => olav
http://bugzilla.gnome.org/show_bug.cgi?id=681081 Upstream bug.
URL: http://bugzilla.gnome.org/show_bug.cgi?id=681081 => (none)
Fedora has issued an advisory on August 21: http://lists.fedoraproject.org/pipermail/package-announce/2012-September/085969.html Patches added here: http://pkgs.fedoraproject.org/cgit/gnome-keyring.git/commit/?h=f17&id=807308f73a241ecf14acfe8082bdb3150922d0c7 Looks like Cauldron should not be affected.
URL: (none) => http://lwn.net/Vulnerabilities/514953/
The first Fedora patch says regression 3.3.x, so maybe doesn't affect Mageia 1, but the second patch there does apply to the code in Mageia 1.
From the upstream bug, sounds like Mageia 1 shouldn't be affected.
Patched package uploaded for Mageia 2. Advisory: ======================== Updated gnome-keyring package fixes security vulnerability: gnome-keyring seems to obey the configuration asking it to stop caching passphrases, but after a while it doesn't cache nor does it ask for the passphrase (CVE-2012-3466). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3466 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/085969.html ======================== Updated packages in core/updates_testing: ======================== gnome-keyring-3.4.1-1.1.mga2 from gnome-keyring-3.4.1-1.1.mga2.src.rpm
Assignee: olav => qa-bugs
No problems with Mageia 2 x86_64.
CC: (none) => ed_rus099Whiteboard: (none) => MGA2-64-OK
Works ok on Mageia 2 i568/x86. Could sysadmin please push from core/updates_testing to core/updates. See comment 5 for srpm and advisory. Thank you.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA2-64-OK => MGA2-64-OK MGA2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0262
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED