Safari Login AutoFill
Available for: OS X Yosemite v10.10.5, OS X El Capitan v10.11.6, and macOS Sierra 10.12.4
Impact: A local user may be able to access locked keychain items
Description: A keychain handling issue was addressed through improved keychain item management.
CVE-2017-2385: Simon Woodside of MedStack
See that? Famous! I have my own CVE!
I filed this Radar in July 2016: Safari duplicates keychain items from self-created keychain into Local Items keychain