Arch Linux

FS#32918 - [libsocialweb] connects with flickr server without user permission (security problem)

Attached to Project: Arch Linux
Opened by Greg (dolby) - Saturday, 01 December 2012, 02:34 GMT
Last edited by Ionut Biru (wonder) - Sunday, 02 December 2012, 08:04 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Ionut Biru (wonder)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No


services/flickr/flickr.c in libsocialweb before 0.25.21 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.

Upstream commit:

Upgrading to 0.25.21 is advised instead of applying the above patch as it was released to address this exact issue.

Closed by Ionut Biru (wonder) - Sunday, 02 December 2012, 08:04 GMT
Reason for closing: Fixed