Bug 1187759 - (CVE-2021-33589) VUL-0: CVE-2021-33589: rnp: cleartext key data after the rnp_key_unprotect()/rnp_key_protect() calls
(CVE-2021-33589)
VUL-0: CVE-2021-33589: rnp: cleartext key data after the rnp_key_unprotect()/...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Andreas Stieger
E-mail List
https://smash.suse.de/issue/303014/
:
Depends on:
Blocks: CVE-2021-29956
  Show dependency treegraph
 
Reported: 2021-06-28 09:31 UTC by Andreas Stieger
Modified: 2021-06-28 21:42 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2021-06-28 09:31:24 UTC
https://github.com/rnpgp/rnp/releases/tag/v0.15.1

    Fixed issue with cleartext key data after the rnp_key_unprotect()/rnp_key_protect() calls (CVE-2021-33589).

Factory only
Comment 1 Andreas Stieger 2021-06-28 20:21:17 UTC
https://build.opensuse.org/request/show/902886
Comment 2 Andreas Stieger 2021-06-28 21:42:58 UTC
https://www.rnpgp.org/advisories/ri-2021-001/

> This issue was the cause of CVE-2021-29956 [in Thunderbird]
> which is described in bmo#1710290.