Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x
before 3.7.5, does not properly validate SSL certificates when
creating accounts such as Windows Live and Facebook accounts, which
allows man-in-the-middle attackers to obtain sensitive information
such as credentials by sniffing the network.
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-1799 to
the following vulnerability:
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before
3.7.91, does not properly validate SSL certificates when creating
accounts for providers who use the libsoup library, which allows
man-in-the-middle attackers to obtain sensitive information such as
credentials by sniffing the network. NOTE: this issue exists because
of an incomplete fix for CVE-2013-0240.
I do not believe that CVE-2013-1799 affects us as we have the fixed 3.6.3 and 3.4.2 updates. Can someone confirm that this is indeed the case?
Just to note that CVE-2013-1799 was assigned to the incomplete fix present in 3.6.3 and 3.7.5 (I'm presuming some beta or pre-releases).
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-0240 to
the following vulnerability:
Name: CVE-2013-0240 cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2013- 0240 /mail.gnome. org/archives/ gnome-announce- list/2013- March/msg00007. html /bugzilla. redhat. com/show_ bug.cgi? id=894352 /bugzilla. gnome.org/ show_bug. cgi?id= 693214 /git.gnome. org/browse/ gnome-online- accounts/ commit/ ?h=gnome- 3-6&id= ecad8142e9ac519 b9fc74b96dcb553 1052bbffe1 /git.gnome. org/browse/ gnome-online- accounts/ commit/ ?id=bc10fdb68f7 5f8be84eb698ada 08743b9c7c248f /git.gnome. org/browse/ gnome-online- accounts/ commit/ ?id=edde7c63326 242a60a075341d3 fea0be0bc4d80e
URL: http://
Assigned: 20121206
Reference: https:/
Reference: https:/
Reference: https:/
Reference: https:/
Reference: https:/
Reference: https:/
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x
before 3.7.5, does not properly validate SSL certificates when
creating accounts such as Windows Live and Facebook accounts, which
allows man-in-the-middle attackers to obtain sensitive information
such as credentials by sniffing the network.
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-1799 to
the following vulnerability:
Name: CVE-2013-1799 cve.mitre. org/cgi- bin/cvename. cgi?name= CVE-2013- 1799 /mail.gnome. org/archives/ gnome-announce- list/2013- March/msg00007. html /mail.gnome. org/archives/ gnome-announce- list/2013- March/msg00020. html /bugzilla. gnome.org/ show_bug. cgi?id= 693214 /bugzilla. gnome.org/ show_bug. cgi?id= 695106 /git.gnome. org/browse/ gnome-online- accounts/ commit/ ?id=9cf4bc0ced2 c53bcdd36922caa 65afc8a167bbd8
URL: http://
Assigned: 20130219
Reference: https:/
Reference: https:/
Reference: https:/
Reference: https:/
Reference: https:/
Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before
3.7.91, does not properly validate SSL certificates when creating
accounts for providers who use the libsoup library, which allows
man-in-the-middle attackers to obtain sensitive information such as
credentials by sniffing the network. NOTE: this issue exists because
of an incomplete fix for CVE-2013-0240.
I do not believe that CVE-2013-1799 affects us as we have the fixed 3.6.3 and 3.4.2 updates. Can someone confirm that this is indeed the case?