FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
448047e9-030e-4ce4-910b-f21a3ad5d9a0	shotwell -- not verifying certificates Michael Catanzaro reports: Shotwell has a serious security issue ("Shotwell does not verify TLS certificates"). Upstream is no longer active and I do not expect any further upstream releases unless someone from the community steps up to maintain it. What is the impact of the issue? If you ever used any of the publish functionality (publish to Facebook, publish to Flickr, etc.), your passwords may have been stolen; changing them is not a bad idea. What is the risk of the update? Regressions. The easiest way to validate TLS certificates was to upgrade WebKit; it seems to work but I don't have accounts with the online services it supports, so I don't know if photo publishing still works properly on all the services. Discovery 2016-01-06 Entry 2016-02-05 shotwell < 0.22.0.99 https://mail.gnome.org/archives/distributor-list/2016-January/msg00000.html
5a9b3d70-48e2-4267-b196-83064cb14fe0	shotwell -- failure to encrypt authentication Jens Georg reports: I have just released Shotwell 0.24.5 and 0.25.4 which turn on HTTPS encryption all over the publishing plugins. Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade. Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade. Discovery 2017-01-31 Entry 2017-02-01 shotwell < 0.24.5 https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html

VuXML ID

Description

448047e9-030e-4ce4-910b-f21a3ad5d9a0

shotwell -- not verifying certificates

Michael Catanzaro reports:

Shotwell has a serious security issue ("Shotwell does not verify TLS certificates"). Upstream is no longer active and I do not expect any further upstream releases unless someone from the community steps up to maintain it.

What is the impact of the issue? If you ever used any of the publish functionality (publish to Facebook, publish to Flickr, etc.), your passwords may have been stolen; changing them is not a bad idea.

What is the risk of the update? Regressions. The easiest way to validate TLS certificates was to upgrade WebKit; it seems to work but I don't have accounts with the online services it supports, so I don't know if photo publishing still works properly on all the services.

Discovery 2016-01-06
Entry 2016-02-05
shotwell

< 0.22.0.99

https://mail.gnome.org/archives/distributor-list/2016-January/msg00000.html

5a9b3d70-48e2-4267-b196-83064cb14fe0

shotwell -- failure to encrypt authentication

Jens Georg reports:

I have just released Shotwell 0.24.5 and 0.25.4 which turn on HTTPS encryption all over the publishing plugins.

Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade.

Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade.

Discovery 2017-01-31
Entry 2017-02-01
shotwell

< 0.24.5

https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html