Comment 3 for bug 1772919

I reported this issue to the upstream project: https://gitlab.gnome.org/GNOME/gnome-keyring/issues/3

This bug has been already fixed the latest version (gnome-keyring 3.28).

Currently, however, this bug has been reproduced from artful to trusty except on bionic only.

Maintainer suggests that it would be better to backport the fix.

However, this backport has a series of library dependency issue on previous Ubuntu version. (please check the following url: https://launchpad.net/~sungjungk/+archive/ubuntu/gnome-keyring)

Furthermore, it looks more like security issue and should release security release/patch.

An attacker can obtain session key/path using this bug, then gnome-keyring that contains a series of credentials easily compromised, just call a couple of secret service api via dbus.

Many thanks!!