FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  501893
Date:      2019-05-18
Time:      01:23:59Z
Committer: timur

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5a9b3d70-48e2-4267-b196-83064cb14fe0shotwell -- failure to encrypt authentication

Jens Georg reports:

I have just released Shotwell 0.24.5 and 0.25.4 which turn on HTTPS encryption all over the publishing plugins.

Users using Tumblr and Yandex.Fotki publishing are strongly advised to change their passwords and reauthenticate Shotwell to those services after upgrade.

Users of Picasa and Youtube publishing are strongly advised to reauthenticate (Log out and back in) Shotwell to those services after upgrade.


Discovery 2017-01-31
Entry 2017-02-01
shotwell
lt 0.24.5

https://mail.gnome.org/archives/shotwell-list/2017-January/msg00048.html
448047e9-030e-4ce4-910b-f21a3ad5d9a0shotwell -- not verifying certificates

Michael Catanzaro reports:

Shotwell has a serious security issue ("Shotwell does not verify TLS certificates"). Upstream is no longer active and I do not expect any further upstream releases unless someone from the community steps up to maintain it.

What is the impact of the issue? If you ever used any of the publish functionality (publish to Facebook, publish to Flickr, etc.), your passwords may have been stolen; changing them is not a bad idea.

What is the risk of the update? Regressions. The easiest way to validate TLS certificates was to upgrade WebKit; it seems to work but I don't have accounts with the online services it supports, so I don't know if photo publishing still works properly on all the services.


Discovery 2016-01-06
Entry 2016-02-05
shotwell
lt 0.22.0.99

https://mail.gnome.org/archives/distributor-list/2016-January/msg00000.html