On Fri, 2015-08-28 at 13:23 -0600, Chris Murphy wrote:
That's bad. It either needs to be fixed or it needs to come with
a
warning if not outright removed from the repo. Exposing people's
Facebook credentials is not OK. So all you have to do to be
vulnerable
to this is use Shotwell with a network you can't vet or control or
trust.
Naw, you're vulnerable on any network. ;) BGP and DNS attacks are
hardly new or extraordinary things.
Link, FWIW:
https://bugzilla.gnome.org/show_bug.cgi?id=751709#c4
P.S. Note that it's still using WebKit1, which means it doesn't get
security updates anymore. Like Evolution. And Empathy.