Date: Tue, 23 Oct 2012 23:18:15 +0200
From: Agostino Sarubbo <>
Subject: Wrong affected version in the CVE-2012-4511

The description says:

services/flickr/flickr.c in libsocialweb before 0.25.22 automatically connects 
to Flickr when no Flickr account is set, which might allow remote attackers to 
obtain sensitive information via a man-in-the-middle (MITM) attack.

but Rob Bradford in the Red Hat bugzilla said:
That's odd - when I did "yum remove libsocialweb" it didn't threaten to remove 
anything else (well, except libsocialweb-keys...:-)
Anyway there is a 0.25.21 on the servers for you.

and, for the record, the version 0.25.22 does not exist.

So I think we need "s/22/21"
Can someone take care of this issue?
Agostino Sarubbo / ago -at-
Gentoo/AMD64 Arch Security Liaison
