Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
secunia.com/advisories/51976
secunia.com/advisories/52791
ubuntu.com/usn/usn-1779-1
bugzilla.gnome.org/show_bug.cgi?id=693214
bugzilla.redhat.com/show_bug.cgi?id=894352
git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html