CVE-2017-1000024

Priority
Medium
Description
Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to
an information disclosure in the web publishing plugins resulting in
potential password and oauth token plaintext transmission
References
Package
Upstream:released (0.24.5, 0.25.4)
Ubuntu 17.10 (Artful Aardvark):released (0.26.3-1ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (0.18.0-0ubuntu4.5)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (0.22.0+git20160108.r1.f2fb1f7-0ubuntu1.1)
Ubuntu 17.04 (Zesty Zapus):released (0.22.0+git20160108.r1.f2fb1f7-0ubuntu3.1)
Patches:
Upstream:https://git.gnome.org/browse/shotwell/commit/?h=shotwell-0.24&id=bc26ea644264c85b9355f265b2e0afefe4943986 (0.24.x)
More Information

Updated: 2017-09-27 20:14:42 UTC (commit 13408)