oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: libsocialweb untrusted connection to flickr

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 10 Oct 2012 19:45:05 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/10/2012 03:20 PM, Vincent Danen wrote:

A similar request was made last year for libsocialweb connecting
to Twitter, and it seems to be doing the same to Flickr now
(probably has been all this time).

Same situation: opens an HTTP (non-SSL) connection to Flickr when
no Flickr account is configured, and without the user's permission
or knowledge.

Could a CVE be assigned to this (or has one been assigned
already)?

Request for the Twitter issue is here (for reference):

http://www.openwall.com/lists/oss-security/2011/11/09/3

and the Red Hat bug:

https://bugzilla.redhat.com/show_bug.cgi?id=863206

Thanks.



Please use CVE-2012-4511 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQdiShAAoJEBYNRVNeJnmTgUgP/ifAY50s7uaC1mv9BbKnhLHQ
HpWeAp53NXR6gq8BkD6Cj5sTzJ/ZVCXFXApjdyzoFY1pLusFWmL8JYeitYbD/i4i
FlfFDiojNwqQu9uplN4X/tm3y4BJ2owZZev6F15MwI2R/tc4dDQxQXS0drNTcMf4
pH4qz59e9xFPK+c6c11oyr3doqkVdcRSqZnBMYmNwb7V6OBnNgjVrwM199Y+vPJu
LSYMgsfVluixbzUoE4XWnQw8JFzjpgDb3mZoYAx3yAwC1ptMV77SeOLao3cojseH
Vwx9iKJxi+Ihoh3S0YAct5eMefhkUDRbC07PN+NJQ7RoqsB1YmzUG26pBn89gk9P
OsW/1yjIcTUDKQrgmp5qilEPvT15f1YquZR2KZ3e1LTbKzT4fvqHaIih+324gHNS
Pl7JU8lbkc+VYtSF19GvJBzPErcdBw7JNn212Hv7kU8xZzIPrW3yQxsC60hqb3i0
BZt8bgdOKGHIcbUPROIb/TDqkWuyGhdI+Xeie1JTZwk84nZ/1xhSzIRx4ZDZbLod
dFKXI5CpUlovOhEIjwCgSKDv8nG4cLbXOiRH1I7hdLU2hkz0TGhfrofTWyzpoEPN
jwT/afH2UYaRAoRqP4DF19aNjyX8BuCwebFymQFLqxdO+G6t4eqzYR9bRUY3s7o0
cEjpf01CwFbebaMah3U8
=hjZG
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: