CVE-2013-0240

Priority
Description
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before
3.7.5, does not properly validate SSL certificates when creating accounts
such as Windows Live and Facebook accounts, which allows man-in-the-middle
attackers to obtain sensitive information such as credentials by sniffing
the network.
Assigned-to
mdeslaur
Notes
mdeslaur3.2 in oneiric and 3.4 in precise only have web backends, so
the 3.4 patch will work. In 3.6+, more backends are available
that may have invalid certs, but are desirable. The 3.7 patch
adds a new configuration item, but this changes API.
jdstrandnote that CVE-2013-1799 is a result of an incomplete fix for this
CVE (and pt2 of the patch for 3.6)
Package
Upstream:released (3.4.2-2,3.6.3)
Patches:
Upstream:http://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e (3.7)
Upstream:http://git.gnome.org/browse/gnome-online-accounts/commit/?id=d5d229529c498ab8b19c29080dd79930fd353d93 (related)
Upstream:http://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-4&id=5a3d3862b0765385f38ca1ba2a9e2e74eb0d111d (3.4)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1 (3.6 pt1)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=de6ee1fa825297c6c89cddb767f4da8df6dbfca2 (3.6 related)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=232bffd1dae3e708f06d83fd802a2218e43ebc5d (3.6 related)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=229a82872b4c5399c1d3793c46ba5d3e19e1a8ee (3.6 related)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=55f1171b15d5c307894943a6b753dd8e59b1452d (3.6 related)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=03aa82a3777885fe3a06db02621852f1f8c429d8 (3.6 related)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=012dbc6d6cac1ad1696dd11b96ee389f0efbb134 (3.6 related)
Upstream:https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8 (3.6 pt2)
More Information

Updated: 2019-12-05 21:02:11 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)