vulnerability
FreeBSD: VID-448047e9-030e-4ce4-910b-f21a3ad5d9a0: shotwell -- not verifying certificates
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Feb 5, 2016 | Feb 8, 2016 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Feb 5, 2016
Added
Feb 8, 2016
Modified
Dec 10, 2025
Description
Michael Catanzaro reports: Shotwell has a serious security issue ("Shotwell does not verify TLS certificates"). Upstream is no longer active and I do not expect any further upstream releases unless someone from the community steps up to maintain it. What is the impact of the issue? If you ever used any of the publish functionality (publish to Facebook, publish to Flickr, etc.), your passwords may have been stolen; changing them is not a bad idea. What is the risk of the update? Regressions. The easiest way to validate TLS certificates was to upgrade WebKit; it seems to work but I don't have accounts with the online services it supports, so I don't know if photo publishing still works properly on all the services.
Solution
freebsd-upgrade-package-shotwell
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.