CVE-2012-1177
Published: 19 March 2012
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.
Priority
Status
Package | Release | Status |
---|---|---|
evolution-data-server Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(2.28.3.1-0ubuntu6.1)
|
|
natty |
Not vulnerable
(uses system libgdata)
|
|
oneiric |
Not vulnerable
(uses system libgdata)
|
|
precise |
Not vulnerable
(uses system libgdata)
|
|
upstream |
Needs triage
|
|
libgdata Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(0.5.2-0ubuntu1.1)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Released
(0.8.0-0ubuntu1.1)
|
|
oneiric |
Released
(0.9.1-0ubuntu2.1)
|
|
precise |
Not vulnerable
(0.11.1-1)
|
|
upstream |
Released
(0.10.2-1)
|
|
Patches: other: http://git.gnome.org/browse/libgdata/commit/?id=6799f2c525a584dc998821a6ce897e463dad7840 other: http://git.gnome.org/browse/libgdata/commit/?h=libgdata-0-10&id=8eff8fa9138859e03e58c2aa76600ab63eb5c29c |