Bug 389999 (CVE-2011-4129) - <net-libs/libsocialweb-0.25.20: Untrusted connection to Twitter via dbus (CVE-2011-4129)
Status: RESOLVED FIXED
Alias: CVE-2011-4129
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
Reported: 2011-11-09 18:25 UTC by Michael Harrison
Modified: 2011-11-15 03:39 UTC
CC List: 1 user
See Also:
Package list:
Runtime testing required: ---
Description Michael Harrison 2011-11-09 18:25:55 UTC
From the Red Hat mailing list:
Description of problem:
Whenever I boot I see a connection to Twitter servers even though I didn't add
any online accounts (and I don't have Twitter). I don't like nor want the web
services.

Not sure what version, so may be invalid
Reproducible: Always

Steps to Reproduce:
1.boot up
2.look at the connections
3.grep for "socialweb"
Actual Results:
1 connection to some Twitter server
tcp       28      0 10.10.18.71:48311           199.59.149.232:443          CLOSE_WAIT  1529/libsocialweb-c

Expected Results:
NO CONNECTIONS
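Scripting the reproduction steps above (an added example, not part of the bug report or of libsocialweb): instead of grepping whole `netstat` lines, parse the `netstat -tnp` columns and report every non-listening TCP socket owned by a process whose name matches a pattern. The sample socket table is constructed for offline use; only the libsocialweb line is taken from the report, the cupsd and firefox lines are made up.

```shell
#!/bin/sh
# Added example, not part of the bug report: scripts the "look at the
# connections, grep for socialweb" step against `netstat -tnp` output,
# parsing the columns rather than grepping whole lines.
# SAMPLE_NETSTAT is constructed for offline use; the libsocialweb row is the
# one from the report, the other two rows are invented.

SAMPLE_NETSTAT='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1011/cupsd
tcp       28      0 10.10.18.71:48311           199.59.149.232:443          CLOSE_WAIT  1529/libsocialweb-c
tcp        0      0 10.10.18.71:52000           93.184.216.34:443           ESTABLISHED 2201/firefox'

# connections_for PATTERN
# Reads `netstat -tnp` output on stdin and prints "PID PROGRAM FOREIGN STATE"
# for every TCP socket that is not merely listening and whose PID/Program
# column matches PATTERN (an awk regular expression). Only tcp/tcp6 rows are
# considered: udp rows have no State column, which would shift the fields.
connections_for() {
    awk -v pat="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" && $7 ~ pat {
            split($7, prog, "/")
            print prog[1], prog[2], $5, $6
        }'
}

# count_connections PATTERN
# Number of matching sockets in the constructed sample. On a machine with no
# configured accounts, the reporter's expectation is 0 for the pattern
# "socialweb"; the sample reproduces the reported 1.
count_connections() {
    printf '%s\n' "$SAMPLE_NETSTAT" | connections_for "$1" | wc -l | tr -d ' '
}

if [ "${1-}" = "--live" ]; then
    # Check the real socket table (needs netstat; PIDs of other users' processes need root).
    netstat -tnp 2>/dev/null | connections_for socialweb
else
    printf '%s\n' "$SAMPLE_NETSTAT" | connections_for socialweb
fi
```

Run with `--live` after boot to check the actual socket table; with no argument it runs against the constructed sample and prints the single libsocialweb connection from the report.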
Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev 2011-11-13 08:40:55 UTC
Should be fixed in libsocialweb-0.25.20. Note: the security impact of this is quite minor (see http://seclists.org/oss-sec/2011/q4/278) and all versions of libsocialweb are in ~arch, so I'm not sure if you really want to file a GLSA about this.

>  13 Nov 2011; Alexandre Rostovtsev <tetromino@gentoo.org>
>  -libsocialweb-0.25.18.ebuild, +libsocialweb-0.25.20.ebuild, metadata.xml:
>  Bump, port to EAPI4, drop old. Notable changes: should no longer silently
>  attempt to connect to Twitter and other services without the user's
>  permission (bug #389999, CVE-2011-4129, thanks to Michael Harrison
>  <n0idx80@gmail.com> for reporting).
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-11-15 03:39:48 UTC
(In reply to comment #1)
> Should be fixed in libsocialweb-0.25.20. 

Great, thank you. Closing noglsa for ~arch only package.