FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|5a9b3d70-48e2-4267-b196-83064cb14fe0||shotwell -- failure to encrypt authentication|
Jens Georg reports:
I have just released Shotwell 0.24.5 and 0.25.4 which turn
on HTTPS encryption all over the publishing plugins.
Users using Tumblr and Yandex.Fotki publishing are strongly
advised to change their passwords and reauthenticate Shotwell
to those services after upgrade.
Users of Picasa and Youtube publishing are strongly advised
to reauthenticate (Log out and back in) Shotwell to those
services after upgrade.
|448047e9-030e-4ce4-910b-f21a3ad5d9a0||shotwell -- not verifying certificates|
Michael Catanzaro reports:
Shotwell has a serious security issue ("Shotwell does not
verify TLS certificates"). Upstream is no longer active and
I do not expect any further upstream releases unless someone
from the community steps up to maintain it.
What is the impact of the issue? If you ever used any of
the publish functionality (publish to Facebook, publish to
Flickr, etc.), your passwords may have been stolen; changing
them is not a bad idea.
What is the risk of the update? Regressions. The easiest
way to validate TLS certificates was to upgrade WebKit; it
seems to work but I don't have accounts with the online
services it supports, so I don't know if photo publishing
still works properly on all the services.