Mageia Advisory: MGASA-2016-0111 - Updated shotwell packages fix security vulnerabilities

Updated shotwell packages fix security vulnerabilities

Publication date: 16 Mar 2016
Modification date: 16 Mar 2016
Type: security
Affected Mageia releases : 5

Description

Updated shotwell package fixes security vulnerabilities:

Shotwell is vulnerable to numerous security vulnerabilities, due to its use
of the old APIs of the Webkit library which are no longer maintained (the
"webkit" package in Mageia).

The shotwell package has been updated to use the current Webkit API, allowing
it to benefit from security fixes in the newer Webkit branch (the "webkit2"
package in Mageia).  Another benefit of switching to the newer Webkit branch
is that it allows shotwell to validate TLS certificates when connecting to
websites.

References

https://bugs.mageia.org/show_bug.cgi?id=17491
https://lists.fedoraproject.org/pipermail/package-announce/2016-January/175443.html

SRPMS

5/core

shotwell-0.22.1-0.20160310.1.mga5

Advisories » MGASA-2016-0111

Updated shotwell packages fix security vulnerabilities

Description

References

SRPMS

5/core