Advisories » MGASA-2017-0480

Updated shotwell packages fix security vulnerability

Publication date: 31 Dec 2017
Modification date: 31 Dec 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-1000024

Description

It was discovered that Shotwell is vulnerable to an information
disclosure in the web publishing plugins resulting in potential
password and oauth token plaintext transmission (CVE-2017-1000024).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21478
• https://usn.ubuntu.com/usn/usn-3379-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000024

SRPMS

5/core

• shotwell-0.22.1-0.20160310.1.1.mga5