Bug 1212254 (CVE-2023-29480)

Summary: VUL-0: CVE-2023-29480: rnp: secret keys may remain unlocked after use
Product: [openSUSE] openSUSE Tumbleweed Reporter: Andreas Stieger <Andreas.Stieger>
Component: SecurityAssignee: Andreas Stieger <Andreas.Stieger>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Andreas Stieger 2023-06-12 17:23:39 UTC 
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29480
https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/
https://github.com/advisories/GHSA-rr9h-qqwq-gm72
Comment 1 Andreas Stieger 2023-06-12 17:29:08 UTC 
https://build.opensuse.org/request/show/1092656