CVE-2016-10130 - log back

CVE-2016-10130 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Insufficient validation
Description
+ An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the native cryptographic library considered the certificate to be correct. This parameter is always 1/true before the fix leading to a possible man-in-the-middle (MITM).
References
+ https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22
Notes