shotwell -- not verifying certificates
Michael Catanzaro reports:
Shotwell has a serious security issue ("Shotwell does not
verify TLS certificates"). Upstream is no longer active and
I do not expect any further upstream releases unless someone
from the community steps up to maintain it.
What is the impact of the issue? If you ever used any of
the publish functionality (publish to Facebook, publish to
Flickr, etc.), your passwords may have been stolen; changing
them is not a bad idea.
What is the risk of the update? Regressions. The easiest
way to validate TLS certificates was to upgrade WebKit; it
seems to work but I don't have accounts with the online
services it supports, so I don't know if photo publishing
still works properly on all the services.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright