Home page logo

oss-sec logo oss-sec mailing list archives

Wrong affected version in the CVE-2012-4511
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 23 Oct 2012 23:18:15 +0200

The description says:

services/flickr/flickr.c in libsocialweb before 0.25.22 automatically connects 
to Flickr when no Flickr account is set, which might allow remote attackers to 
obtain sensitive information via a man-in-the-middle (MITM) attack.

but Rob Bradford in the Red Hat bugzilla said:
That's odd - when I did "yum remove libsocialweb" it didn't threaten to remove 
anything else (well, except libsocialweb-keys...:-)
Anyway there is a 0.25.21 on the servers for you.

and, for the record the version 0.25.22 does not exist.

So I think we need "s/22/21"
Can someone take care of this issue?
Agostino Sarubbo / ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison

  By Date           By Thread  

Current thread:
  • Wrong affected version in the CVE-2012-4511 Agostino Sarubbo (Oct 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]