[ASA-202108-8] fossil: certificate verification bypass
Arch Linux Security Advisory ASA-202108-8
=========================================

Severity: High
Date    : 2021-08-10
CVE-ID  : CVE-2021-36377
Package : fossil
Type    : certificate verification bypass
Remote  : Yes
Link    :

Summary
=======

The package fossil before version 2.16-1 is vulnerable to certificate
verification bypass.

Resolution
==========

Upgrade to 2.16-1.

# pacman -Syu "fossil>=2.16-1"

The problem has been fixed upstream in version 2.16.

Workaround
==========

None.

Description
===========

Fossil before version 2.15.2 often skips the hostname check during TLS
certificate validation.

Impact
======

A man-in-the-middle attacker could spoof a Fossil repository by presenting
any valid certificate for an arbitrary hostname, leading to potential
information disclosure.

References
==========
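The step the advisory says Fossil skipped, written out as an added example (not Fossil's code and not part of the advisory): chain validation alone only proves that some trusted CA issued the certificate, so a client must additionally match the certificate's names against the hostname it connected to. The certificate dictionary below is constructed in the shape `SSLSocket.getpeercert()` returns, and `verifying_context()` shows the CPython `ssl` settings under which the library performs this check itself.

```python
import ssl


def _dns_label_match(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName pattern against a hostname (RFC 6125 rules)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # A wildcard must be the entire leftmost label, must not be the only
    # label before the public suffix, and never spans more than one label.
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the peer certificate names the host the client intended to reach."""
    san = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        # When any dNSName SAN is present, the CN is ignored entirely.
        return any(_dns_label_match(p, hostname) for p in san)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_label_match(value, hostname)
    return False


def verifying_context() -> ssl.SSLContext:
    """Client context that refuses a chain-valid certificate for the wrong name."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED   # chain must validate
    ctx.check_hostname = True             # ...and the name must match too
    return ctx


# Constructed sample: a perfectly valid certificate, but for a different host.
CONSTRUCTED_CERT = {
    "subject": ((("commonName", "other.example.net"),),),
    "subjectAltName": (("DNS", "other.example.net"), ("DNS", "*.other.example.net")),
}

if __name__ == "__main__":
    # Without the name check this certificate would be accepted for any host.
    print(hostname_matches(CONSTRUCTED_CERT, "fossil.example.org"))  # False
```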