CVE-2017-1000024

Priority
Medium
Description
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to a
information disclosure in the web publishing plugins resulting in potential
password and oauth token plaintext transmission
References
Package
Upstream:released (0.24.5, 0.25.4)
Ubuntu 17.10 (Artful Aardvark):pending (0.26.1-0ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (0.18.0-0ubuntu4.5)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1)
Patches:
Upstream:https://git.gnome.org/browse/shotwell/commit/?h=shotwell-0.24&id=bc26ea644264c85b9355f265b2e0afefe4943986 (0.24.x)
More Information

Updated: 2017-08-11 23:24:16 UTC (commit 13081)