Bug 9532 - gnome-online-accounts new security issue CVE-2013-1799
Summary: gnome-online-accounts new security issue CVE-2013-1799
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/544356/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-25 21:50 CET by David Walser
Modified: 2013-04-01 12:06 CEST (History)
3 users (show)

See Also:
Source RPM: gnome-online-accounts-3.6.2-5.mga3.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2013-03-25 21:50:52 CET 
Ubuntu has issued an advisory today (March 25):
http://www.ubuntu.com/usn/usn-1779-1/

I don't think they actually fixed this CVE in 3.4.0 (Ubuntu 12.04 LTS), as they only have a patch for CVE-2013-0240, and it's the same patch we used in our previous update.  It's possible that this particular CVE doesn't affect 3.4.x.

For 3.6.x, it's fixed upstream in 3.6.3.  See below.

References:
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg305138.html
https://bugzilla.gnome.org/show_bug.cgi?id=695106

Reproducible: 

Steps to Reproduce:
David Walser 2013-03-25 21:51:26 CET

CC: (none) => fundawang, jani.valimaa, olav

Comment 1 Jani Välimaa 2013-04-01 12:01:22 CEST 
We already have 3.6.3, it was pushed almost a month ago.
Comment 2 David Walser 2013-04-01 12:06:49 CEST 
Oops, sorry, and thanks.  Debian says only 3.6.x and 3.7.x is affected.

Status: NEW => RESOLVED
Resolution: (none) => INVALID
Note You need to log in before you can comment on or make changes to this bug.