Debian Shotwell vulnerabilities

CVE-2017-1000024 [HIGH] CVE-2017-1000024: shotwell - Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an inf... Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission Scope: local bookworm: resolved (fixed in 0.25.4+really0.24.5-0.1) bullseye: resolved (fixed in 0.25.4+really0.24.5-0.1) forky: resolved (fixed in 0.25.4+really0.

CVE-2016-1000033 [LOW] CVE-2016-1000033: shotwell - Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL... Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. Scope: local bookworm: resolved (fixed in 0.22.0-3) bullseye: resolved (fixed in 0.22.0-3) forky: resolved (fixed in 0.22.0-3) sid: resolved (fixed in 0.22.0-3) trixie: resolved (fixed in 0.22.0-3)