Candidate: CVE-2015-2675
PublicDate: 2017-08-18 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2675
 http://www.openwall.com/lists/oss-security/2015/03/04/6
Description:
 The OAuth implementation in librest before 0.7.93 incorrectly truncates the
 pointer returned by the rest_proxy_call_get_url function, which allows remote
 attackers to cause a denial of service (application crash) via running the
 EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface
 on an object representing a Flickr account.
Ubuntu-Description:
Notes:
 mdeslaur> introduced by 55f8e962, which is only in 0.7.92
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780101
 https://bugzilla.gnome.org/show_bug.cgi?id=742644
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_librest:
 upstream: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
upstream_librest: released (0.7.92-3)
lucid_librest: not-affected
precise_librest: not-affected
trusty_librest: not-affected
trusty/esm_librest: DNE (trusty was not-affected)
utopic_librest: not-affected (0.7.91-1)
devel_librest: not-affected (0.7.92-3)