Date: Tue, 23 Oct 2012 23:18:15 +0200 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Cc: cve@...re.org Subject: Wrong affected version in the CVE-2012-4511 The description says: services/flickr/flickr.c in libsocialweb before 0.25.22 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack. but Rob Bradford in the Red Hat bugzilla said: That's odd - when I did "yum remove libsocialweb" it didn't threaten to remove anything else (well, except libsocialweb-keys...:-) Anyway there is a 0.25.21 on the servers for you. and, for the record the version 0.25.22 does not exist. So I think we need "s/22/21" Can someone take care of this issue? -- Agostino Sarubbo / ago -at- gentoo.org Gentoo/AMD64 Arch Security Liaison GPG: 0x7CD2DC5D
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ