Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2016-10130 - log back

CVE-2016-10130 created at 25 Sep 2019 19:31:40

Severity

+

High

Remote

+

Remote

Type

+	Insufficient validation

Description

+

An issue has been discovered when checking certificate validity before clobbering the error variable. A valid parameter is provided to indicate whether the native cryptographic library considered the certificate to be correct. This parameter is always 1/true before the fix leading to a possible man-in-the-middle (MITM).

References

+	https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22

Notes