Date: Tue, 23 Oct 2012 23:18:15 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve@...re.org
Subject: Wrong affected version in the CVE-2012-4511

The description says:
services/flickr/flickr.c in libsocialweb before 0.25.22 automatically connects to Flickr when no Flickr account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.

but Rob Bradford in the Red Hat bugzilla said:
That's odd - when I did "yum remove libsocialweb" it didn't threaten to remove anything else (well, except libsocialweb-keys...:-)
Anyway there is a 0.25.21 on the servers for you.

and, for the record the version 0.25.22 does not exist.

So I think we need "s/22/21"

Can someone take care of this issue?
--
Agostino Sarubbo / ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison
GPG: 0x7CD2DC5D