Bug#664032: [CVE-2012-1177] libgdata do not verify SSL certs
Luciano Bello
luciano at debian.org
Wed Mar 14 23:18:52 UTC 2012
Package: libgdata
Severity: grave
Tags: security patch
The following vulnerability had been reported against libgdata:
http://www.openwall.com/lists/oss-security/2012/03/14/3
The upstream patch:
http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
Please use CVE-2012-1177 for this issue. Since the bug affects other
applications (like evolution) and looks quite important, please contact the
security team if it also affects stable.
Cheers,
luciano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20120315/01fed661/attachment-0001.pgp>
More information about the pkg-gnome-maintainers
mailing list