Date: Wed, 10 Oct 2012 15:20:59 -0600 From: Vincent Danen <vdanen@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE request: libsocialweb untrusted connection to flickr A similar request was made last year for libsocialweb connecting to Twitter, and it seems to be doing the same to Flickr now (probably has been all this time). Same situation: opens an HTTP (non-SSL) connection to Flickr when no Flickr account is configured, and without the user's permission or knowledge. Could a CVE be assigned to this (or has one been assigned already)? Request for the Twitter issue is here (for reference): http://www.openwall.com/lists/oss-security/2011/11/09/3 and the Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=863206 Thanks. -- Vincent Danen / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ