Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#32918 - [libsocialweb] connects with flickr server without user permission (security problem)
Attached to Project:
Arch Linux
Opened by Greg (dolby) - Saturday, 01 December 2012, 02:34 GMT
Last edited by Ionut Biru (wonder) - Sunday, 02 December 2012, 08:04 GMT
Details
services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4511
https://bugzilla.redhat.com/show_bug.cgi?id=863206
http://www.openwall.com/lists/oss-security/2012/10/10/10
Upstream commit: http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503
Upgrading to 0.25.21 is advised instead of applying the above patch as it was released to address this exact issue.