| Name | CVE-2013-0240 |
| Description | Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 699825 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| gnome-online-accounts (PTS) | buster | 3.30.1-2 | fixed |
| bullseye | 3.38.0-3 | fixed | |
| bookworm | 3.46.0-1 | fixed | |
| trixie | 3.49.0-1 | fixed | |
| sid | 3.50.1-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| gnome-online-accounts | source | (unstable) | 3.4.2-2 | 699825 |