[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Wrong affected version in the CVE-2012-4511
From: Agostino Sarubbo <ago () gentoo ! org>
Date: 2012-10-23 21:18:15
Message-ID: 1707742.pqzVoIFduu () devil
[Download RAW message or body]
The description says:
services/flickr/flickr.c in libsocialweb before 0.25.22 automatically connects
to Flickr when no Flickr account is set, which might allow remote attackers to
obtain sensitive information via a man-in-the-middle (MITM) attack.
but Rob Bradford in the Red Hat bugzilla said:
That's odd - when I did "yum remove libsocialweb" it didn't threaten to remove
anything else (well, except libsocialweb-keys...:-)
Anyway there is a 0.25.21 on the servers for you.
and, for the record the version 0.25.22 does not exist.
So I think we need "s/22/21"
Can someone take care of this issue?
--
Agostino Sarubbo / ago -at- gentoo.org
Gentoo/AMD64 Arch Security Liaison
GPG: 0x7CD2DC5D
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic