oss-sec mailing list archives
Re: CVE request: libsocialweb untrusted connection to flickr
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 10 Oct 2012 19:45:05 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/10/2012 03:20 PM, Vincent Danen wrote:
A similar request was made last year for libsocialweb connecting to Twitter, and it seems to be doing the same to Flickr now (probably has been all this time). Same situation: opens an HTTP (non-SSL) connection to Flickr when no Flickr account is configured, and without the user's permission or knowledge. Could a CVE be assigned to this (or has one been assigned already)? Request for the Twitter issue is here (for reference): http://www.openwall.com/lists/oss-security/2011/11/09/3 and the Red Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=863206 Thanks.
Please use CVE-2012-4511 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQdiShAAoJEBYNRVNeJnmTgUgP/ifAY50s7uaC1mv9BbKnhLHQ HpWeAp53NXR6gq8BkD6Cj5sTzJ/ZVCXFXApjdyzoFY1pLusFWmL8JYeitYbD/i4i FlfFDiojNwqQu9uplN4X/tm3y4BJ2owZZev6F15MwI2R/tc4dDQxQXS0drNTcMf4 pH4qz59e9xFPK+c6c11oyr3doqkVdcRSqZnBMYmNwb7V6OBnNgjVrwM199Y+vPJu LSYMgsfVluixbzUoE4XWnQw8JFzjpgDb3mZoYAx3yAwC1ptMV77SeOLao3cojseH Vwx9iKJxi+Ihoh3S0YAct5eMefhkUDRbC07PN+NJQ7RoqsB1YmzUG26pBn89gk9P OsW/1yjIcTUDKQrgmp5qilEPvT15f1YquZR2KZ3e1LTbKzT4fvqHaIih+324gHNS Pl7JU8lbkc+VYtSF19GvJBzPErcdBw7JNn212Hv7kU8xZzIPrW3yQxsC60hqb3i0 BZt8bgdOKGHIcbUPROIb/TDqkWuyGhdI+Xeie1JTZwk84nZ/1xhSzIRx4ZDZbLod dFKXI5CpUlovOhEIjwCgSKDv8nG4cLbXOiRH1I7hdLU2hkz0TGhfrofTWyzpoEPN jwT/afH2UYaRAoRqP4DF19aNjyX8BuCwebFymQFLqxdO+G6t4eqzYR9bRUY3s7o0 cEjpf01CwFbebaMah3U8 =hjZG -----END PGP SIGNATURE-----
Current thread:
- CVE request: libsocialweb untrusted connection to flickr Vincent Danen (Oct 10)
- Re: CVE request: libsocialweb untrusted connection to flickr Kurt Seifried (Oct 10)