Security update for shotwell SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0642-1 Final 1 1 2018-03-09T07:31:19Z current 2018-03-09T07:31:19Z 2018-03-09T07:31:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for shotwell This update for shotwell fixes the following issues: Security issue fixed: - CVE-2017-1000024: Use HTTPS encryption all over the publishing plugins (bsc#1054311). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-03/msg00025.html E-Mail link for openSUSE-SU-2018:0642-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 shotwell-0.22.0+git.20160103-16.1 shotwell-lang-0.22.0+git.20160103-16.1 shotwell-0.22.0+git.20160103-16.1 as a component of openSUSE Leap 42.3 shotwell-lang-0.22.0+git.20160103-16.1 as a component of openSUSE Leap 42.3 Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission CVE-2017-1000024 openSUSE Leap 42.3:shotwell-0.22.0+git.20160103-16.1 openSUSE Leap 42.3:shotwell-lang-0.22.0+git.20160103-16.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-03/msg00025.html https://www.suse.com/security/cve/CVE-2017-1000024.html CVE-2017-1000024 https://bugzilla.suse.com/1054311 SUSE Bug 1054311