Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: libgdata did not verify SSL certificates
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Mar 2012 12:03:34 -0600

On 03/14/2012 05:46 AM, Marc Deslauriers wrote:
On Wed, 2012-03-14 at 08:54 +0100, Ludwig Nussel wrote:
Hi,

libgdata did not verify SSL certificates:

http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
https://bugzilla.gnome.org/show_bug.cgi?id=671535
https://bugzilla.novell.com/show_bug.cgi?id=752088

Please credit Vreixo Formoso for having discovered this.

https://bugs.launchpad.net/ubuntu/+source/libgdata/+bug/938812

Thanks,

Marc.

Please use CVE-2012-1177 for this issue.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]