CVE-2012-1177

Priority
Medium
Description
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL
certificates, which allows remote attackers to obtain user names and
passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
References
Bugs
Assigned-to
sbeattie
Package
Upstream:released (0.10.2-1)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (0.5.2-0ubuntu1.1)
Ubuntu 11.04 (Natty Narwhal):released (0.8.0-0ubuntu1.1)
Ubuntu 11.10 (Oneiric Ocelot):released (0.9.1-0ubuntu2.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (0.11.1-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (0.11.1-1)
Patches:
Patch:http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840
Patch:http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.28.3.1-0ubuntu6.1)
Ubuntu 11.04 (Natty Narwhal):not-affected (uses system libgdata)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (uses system libgdata)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (uses system libgdata)
Ubuntu 12.10 (Quantal Quetzal):not-affected (uses system libgdata)
More Information

Updated: 2012-08-29 19:14:18 UTC (commit 5686)