FS#32918 - [libsocialweb] connects with flickr server without user permission (security problem)
Attached to Project: Arch Linux
Opened by Greg (dolby) - Saturday, 01 December 2012, 02:34 GMT
Last edited by Ionut Biru (wonder) - Sunday, 02 December 2012, 08:04 GMT
Details
services/flickr/flickr.c in libsocialweb before 0.25.21
automatically connects to Flickr when no Flickr account is
set, which might allow remote attackers to obtain sensitive
information via a man-in-the-middle (MITM) attack.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4511
https://bugzilla.redhat.com/show_bug.cgi?id=863206
http://www.openwall.com/lists/oss-security/2012/10/10/10
Upstream commit: http://git.gnome.org/browse/libsocialweb/commit/?id=8c28ae1d5db5529020652cee3700c75341625503

Upgrading to 0.25.21 is advised instead of applying the above patch as it was released to address this exact issue.