Red Hat Bugzilla – Bug 837016
CVE-2012-3818 revelation (fpm exporter): Password not encrypted when exporting a file
Last modified: 2015-08-22 12:16:08 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-3818 to the following vulnerability:
The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.
This issue affects the versions of the revelation package as shipped with Fedora releases 16 and 17. Please schedule an update once the final upstream patch is available.
This issue affects the version of the revelation package as shipped with Fedora EPEL 5. Please schedule an update once the final upstream patch is available.
Created revelation tracking bugs for this issue
Affects: fedora-all [bug 837017]
Affects: epel-5 [bug 837019]
As for the patch itself - the upstream v0.14.4 release NEWS contains:
2012-07-01: Revelation 0.4.14
- Added a new file encryption format using PBKDF2 #61 [Mikel Olasagasti Uranga]
- Warn users about old file encryption format being non-secure
- Moved applet to own dir to fix 'make dist'
thus maybe adding a warning would be sufficient till there is an upstream old-format fix.
yes... pre-release scratch build has the patch.....
rolling new scratch build and rawhide build with the new release today.
(In reply to comment #4)
> rolling new scratch build and rawhide build with the new release today.
Thanks for that, Jan.