Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 23 Oct 2012 23:18:15 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: cve@...re.org
Subject: Wrong affected version in the CVE-2012-4511

The description says:

services/flickr/flickr.c in libsocialweb before 0.25.22 automatically connects 
to Flickr when no Flickr account is set, which might allow remote attackers to 
obtain sensitive information via a man-in-the-middle (MITM) attack.

but Rob Bradford in the Red Hat bugzilla said:
That's odd - when I did "yum remove libsocialweb" it didn't threaten to remove 
anything else (well, except libsocialweb-keys...:-)
Anyway there is a 0.25.21 on the servers for you.

and, for the record the version 0.25.22 does not exist.

So I think we need "s/22/21"
Can someone take care of this issue?
-- 
Agostino Sarubbo / ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison
GPG: 0x7CD2DC5D

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.