Gwibber

Not deleting posts when commanded

Bug #616798 reported by Colin Dean on 2010-08-12

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Gwibber	Fix Released	Undecided	Ken VanDine	Gwibber 2.31.91
	gwibber (Ubuntu)	Fix Released	Undecided	Ken VanDine

Bug Description

When using the gear menu to delete a post (at least with Twitter and Identica), Gwibber confirms that the post has been deleted, but does not actually delete the post in the service! This false positive is likely to be *very* frustrating, as a user could post something inadvertently and think they've deleted it when they really haven't.

Steps to reproduce:

1. Send an update to Twitter or Identica.
2. Observe the post in your Gwibber stream.
3. Use the gear menu's Delete function
4. Observe notification that the post has been deleted.
5. Reload updates, or visit your profile on one of the services.
6. Observe that the message is still there.

I'm calling this a security vulnerability because the user could accidentally disclose information and Gwibber makes them think they've resolved the disclosure when they really haven't.

Tags:

Related branches

lp:~roignac/gwibber/Bug616798

Merged into lp:gwibber at revision 822

gwibber-committers: Pending requested 2010-08-23

lp:gwibber

lp:ubuntu/maverick/gwibber

lp:~webapps/+junk/gwibber-opensesame-packaging

Colin Dean (colindean) on 2010-08-12

visibility:

private → public

Ken VanDine (ken-vandine) on 2010-08-24

Changed in gwibber:
assignee:	nobody → Ken VanDine (ken-vandine)
Changed in gwibber (Ubuntu):
assignee:	nobody → Ken VanDine (ken-vandine)
Changed in gwibber:
status:	New → Fix Committed
milestone:	none → 2.31.91

Kees Cook (kees) on 2010-08-28

security vulnerability:

yes → no

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-09-01:

This bug was fixed in the package gwibber - 2.31.91-0ubuntu1

---------------
gwibber (2.31.91-0ubuntu1) maverick; urgency=low

  * New upstream release
    - Port twitter service to OAuth, basic auth is no longer
      supported (LP: #627565)
    - Delay setting the position of the vertical splitter
    - Fix PerformOp for single operation, including delete and
      like (LP: #616798)
    - Make the string for the Translate action i18n
      friendly (Vadim Rutkovsky)
    - Convert identi.ca groups (!) to hashtags (#) for re-denting if
      global_retweet is true (Vadim Rutkovsky) (LP: #539786)
    - Handle null responses gracefully (James Ogley) (LP: #623309)
    - recognize valid unicode URLs (LP: #333390)
    - Don't crash if there is an invalid value for a preference (LP: #623335)
  * debian/gwibber-service.install
    - Install files needed for twitter oauth
-- Ken VanDine <email address hidden> Mon, 23 Aug 2010 23:35:05 -0400

Changed in gwibber (Ubuntu):
status:	New → Fix Released

Ken VanDine (ken-vandine) on 2010-09-09

Changed in gwibber:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.